Winamp < 5.64 Multiple Vulnerabilities
PVS ID: 6907 FAMILY: Generic RISK: HIGH NESSUS ID:Not Available
Description: Synopsis :\n\nThe remote host has a media player installed that is vulnerable to multiple attack vectors.\n\nThe remote host is running Winamp, a media player for Windows. For your information, the observed version of Winamp is : \n %L \n\nVersions of Winamp earlier than 5.64 are potentially affected by the following overflow vulnerabilities : \n\n - A buffer overflow exists in the 'ml_local.dll' when passed GUI search fields.\n\n - A buffer overflow exists in the 'gen_jumpex.dll' when handling Skins directory names.\n\n - Invalid pointer dereference vulnerabilities exist in the 'gen_ff.dll' library when loading the links.xml.\n\nSuccessful exploitation can allow arbitrary code execution.

Solution: Upgrade to Winamp 5.64 ( or later.


Copyright Tenable Network Security Inc. 2013