
Winamp < 5.57 Multiple Vulnerabilities

Medium

Synopsis

The remote host has a media player installed that is vulnerable to multiple attack vectors.

Description

The remote host is running Winamp, a media player for Windows. The version of Winamp installed on the remote host is earlier than 5.57. Such versions are potentially affected by multiple vulnerabilities:

- A boundary error in the Module Decoder Plug-in exists when parsing samples and can be exploited to cause a heap-based buffer overflow via a specially crafted 'Impulse Tracker' file. (CVE-2009-3995)

- An error in the Module Decoder Plug-in when parsing 'Ultratracker' files can be exploited to cause a heap-based buffer overflow. (CVE-2009-3996)

- An integer overflow error exists in the Module Decoder Plug-in when parsing 'Oktalyzer' files and can be exploited to cause a heap-based buffer overflow.

- Multiple integer overflow vulnerabilities exist in the 'jpeg.w5s' and 'png.w5s' filters when processing malformed 'JPEG' and 'PNG' data.

Solution

Upgrade to Winamp version 5.57 or later.