Summary
This host has Winamp installed and is prone to a buffer overflow vulnerability.
Impact
Attackers can exploit this issue via specially crafted VOC and AIFF files to execute arbitrary code in the context of the affected application, and can cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to the latest libsndfile version or apply the patch.
http://www.mega-nerd.com/libsndfile/
http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/rel_20.html
*****
NOTE: Ignore this warning if the above-mentioned patch is already applied.
*****
Insight
The flaw is caused by a boundary error in the 'voc_read_header()' and 'aiff_read_header()' functions in libsndfile.dll when processing VOC and AIFF files with invalid header values.
Affected
Winamp version 5.552 and prior on Windows.
References
Severity
Classification
CVE: CVE-2009-1788, CVE-2009-1791
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Player Buffer Overflow Vulnerability (Mac OS X)
- Buffer Overflow Vulnerability in Adobe Acrobat and Reader (Win)
- 3CTftpSvc TFTP Server Long Mode Buffer Overflow Vulnerability
- Citrix Provisioning Services 'streamprocess.exe' Component Remote Code Execution Vulnerability
- Adobe Flash Professional JPG Object Processing BOF Vulnerability (Mac OS X)