Winamp VP6 Content Parsing Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is installed with Winamp and is prone to heap-based buffer overflow vulnerability.

Impact

Successful exploitation will allow attackers to execute arbitrary code or can be exploited by malicious people to potentially compromise a user's system. Impact Level: Application.

Solution

upgrade to Winamp 5.59 Beta build 3033 or later, For updates refer to http://www.winamp.com/media-player

Insight

The flaw is caused by an error in the VP6 codec (vp6.w5s) when parsing VP6 video content. This can be exploited to cause a heap-based buffer overflow via a specially crafted media file or stream.

Affected

Winamp version before 5.59 Beta build 3033 (5.5.9.3033)

References

http://forums.winamp.com/showthread.php?t=322995
http://secunia.com/secunia_research/2010-95/
http://www.securityfocus.com/archive/1/archive/1/514484/100/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1523

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Shockwave Player 3D Model Buffer Overflow Vulnerabilities
Adobe Audition '.ses' Multiple Buffer Overflow Vulnerabilities (Windows)
Citrix Provisioning Services 'streamprocess.exe' Component Remote Code Execution Vulnerability
Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Linux)
Buffer Overflow Vulnerability in Adobe Reader (Linux)

Take action and discover your vulnerabilities