icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Winamp < 5.622 Multiple Vulnerabilities

High

Synopsis

The remote host has a media player installed that is vulnerable to multiple attack vectors.

Description

The remote host is running Winamp, a media player for Windows.

Versions of Winamp earlier than 5.622 are potentially affected by the following overflow vulnerabilities :

- A heap-based buffer overflow exists in the plugin in_midi.dll when processing the iOffsetMusic value in the Creative Music Format (CMF) header.

- A heap-based buffer overflow exists in the plugin in_mod.dll when processing the channels value in the Advanced Module Format (AMF) header.

- A heap-based buffer overflow exists in the plugin in_nsv.dll when processing the toc_alloc value in the Nullsoft Streaming Video (NSF) header.

- Integer overflow errors exist in the TSCC RGB and YUV decoders.

Solution

Upgrade to Winamp 5.622 or later.