Winamp < 5.6 Multiple Vulnerabilities

high Nessus Plugin ID 50846

Synopsis

The remote Windows host contains a multimedia application that is affected by multiple vulnerabilities.

Description

The remote host is running Winamp, a media player for Windows.

The version of Winamp installed on the remote host is earlier than 5.6. Such versions are potentially affected by the following vulnerabilities:

- An integer overflow vulnerability exists in the 'in_nsv.dll' plugin when parsing the table of contents of a Nullsoft Video (NSV) stream or file. (CVE-2010-2586)

- A heap-based buffer overflow vulnerability exists in the 'in_midi.dll' plugin when parsing MIDI content. (CVE-2010-4370)

- A buffer overflow vulnerability exists in the 'in_mod' plugin and is related to the comment box. (CVE-2010-4371)

- Another integer overflow vulnerability exists in the 'in_nsv' plugin due to improper memory allocation for Nullsoft Video (NSV) metadata. (CVE-2010-4372)

- An error exists in the 'in_mp4' plugin which allows remote attackers to use either crafted metadata or album art in an MP4 file to cause a denial of service. (CVE-2010-4373)

- An error exists in the 'in_mkv' plugin which allows remote attackers to use a crafted Matroska Video (MKV) file to cause a denial of service. (CVE-2010-4374)

Solution

Upgrade to Winamp 5.6 or later.

See Also

https://secuniaresearch.flexerasoftware.com/secunia_research/2010-127/

http://forums.winamp.com/showthread.php?threadid=159785

http://forums.winamp.com/showthread.php?t=324322

Plugin Details

Severity: High

ID: 50846

File Name: winamp_56.nasl

Version: 1.16

Type: local

Agent: windows

Family: Windows

Published: 11/30/2010

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:nullsoft:winamp

Required KB Items: SMB/Winamp/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/27/2010

Vulnerability Publication Date: 11/30/2010

Exploitable With

Core Impact

Reference Information

CVE: CVE-2010-2586, CVE-2010-4370, CVE-2010-4371, CVE-2010-4372, CVE-2010-4373, CVE-2010-4374

BID: 45097

SECUNIA: 42004