Winamp < 5.63 Multiple Vulnerabilities
PVS ID: 6908 FAMILY: Generic RISK: HIGH NESSUS ID:59756
Description: Synopsis :\n\nThe remote host has a media player installed that is vulnerable to multiple attack vectors.\n\nThe remote host is running Winamp, a media player for Windows. For your information, the observed version of Winamp is : \n %L \n\nVersions of Winamp earlier than 5.63 are potentially affected by the following overflow vulnerabilities : \n\n- A memory corruption error exists in 'in_mod.dll' related to input validation when handling 'Impulse Tracker' (IT) files.\n\n - Heap-based buffer overflows exist related to 'bmp.w5s' when handling 'BI_RGB' and 'UYVY' data in AVI files. Processing decompressed TechSmith Screen Capture Codec (TSCC) data in AVI files can also trigger a heap-based buffer overflow.\n\nSuccessful exploitation can allow arbitrary code execution.

Solution: Upgrade to Winamp 5.63 (5.6.3.3234) or later.

CVE-2012-4045


Copyright Tenable Network Security Inc. 2013