Winamp Multiple Vulnerabilities

ERCOLINO

Secunia Advisory SA45080
Release Date: 2011-06-27

Criticality level: Highly critical
Impact: System access
Where: From remote

Solution Status: Unpatched

Software: Winamp 5.x

Description

Luigi Auriemma has discovered multiple vulnerabilities in Winamp, which can be exploited by malicious people to potentially compromise a user's system.

1) An error in vp6.w5s when parsing media files encoded with the On2 TrueMotion VP6 codec where the "version" field value is greater than 8 can be exploited to corrupt memory via a specially crafted FLV file.

2) An error when parsing the "CustomWidth" and "CustomHeight" fields in H263 video content can be exploited to corrupt memory via a specially crafted FLV file.

3) An error in nsvdec_vp5.dll when decompressing frames can be exploited to cause a heap-based buffer overflow via a specially crafted NSV file.

4) An integer overflow error in nsvdec_vp6.dll when parsing screen dimensions can be exploited to corrupt memory via a specially crafted NSV file.

5) An error in nsvdec_vp3.dll in the handling of screen dimensions when decompressing frames can be exploited to cause a heap-based buffer overflow via a specially crafted NSV file.

6) An error in in_mod.dll can be exploited to corrupt memory via a specially crafted IT file.

7) An error in in_midi.dll when handling "Controller" messages can be exploited to cause a heap-based buffer overflow via a specially crafted MIDI file.

8) An error in in_midi.dll when handling "Note On" messages can be exploited to cause a heap-based buffer overflow via a specially crafted file.

9) An error in in_midi.dll when parsing MTrk chunks can be exploited to corrupt memory via a specially crafted file.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are confirmed in version 5.61. Other versions may also be affected.

Solution
Do not open untrusted files.
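
The bug class behind item 4 (integer overflow when parsing screen dimensions), shown as an added example that is not part of the original advisory and is not Winamp's code. The function names, `MAX_DIM` and `BYTES_PER_PIXEL` are hypothetical; the advisory does not describe the actual arithmetic in nsvdec_vp6.dll.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical limits (assumptions); a real decoder takes them from its format spec. */
#define MAX_DIM 16384u
#define BYTES_PER_PIXEL 4u

/* Unchecked pattern: 32-bit arithmetic wraps silently, so oversized
   dimensions produce a small size and the buffer ends up too small
   for the frame that is later decoded into it. */
uint32_t frame_size_unchecked(uint32_t width, uint32_t height)
{
    return width * height * BYTES_PER_PIXEL;
}

/* Checked form: returns 0 and stores the size in *out, or -1 when a
   dimension is zero, exceeds MAX_DIM, or the product does not fit size_t. */
int frame_size_checked(uint32_t width, uint32_t height, size_t *out)
{
    if (width == 0 || height == 0 || width > MAX_DIM || height > MAX_DIM)
        return -1;
    /* Widen before multiplying; with both dimensions <= MAX_DIM the
       64-bit product cannot wrap. */
    uint64_t size = (uint64_t)width * height * BYTES_PER_PIXEL;
    if (size > SIZE_MAX)
        return -1;
    *out = (size_t)size;
    return 0;
}

/* Allocate a zeroed frame buffer only for validated dimensions.
   Returns NULL on rejected dimensions or allocation failure. */
void *alloc_frame(uint32_t width, uint32_t height, size_t *size_out)
{
    size_t size;
    if (frame_size_checked(width, height, &size) != 0)
        return NULL;
    void *buf = calloc(1, size);
    if (buf != NULL && size_out != NULL)
        *size_out = size;
    return buf;
}
```

The decoder must also bound every later write by the size returned here; validating the dimensions once does not help if the frame data itself is trusted to fit.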


