Winamp < 5.64 Multiple Vulnerabilities

High

Synopsis

The remote host has a media player installed that is vulnerable to multiple attack vectors

Description

The remote host is running Winamp, a media player for Windows. Versions of Winamp earlier than 5.64 are potentially affected by the following overflow vulnerabilities :

- A buffer overflow exists in the 'ml_local.dll' when passed GUI search fields.

- A buffer overflow exists in the 'gen_jumpex.dll' when handling Skins directory names.

- Invalid pointer dereference vulnerabilities exist in the 'gen_ff.dll' library when loading the links.xml.

Successful exploitation can allow arbitrary code execution

Solution

Upgrade to Winamp 5.64 (5.6.4.3418) or later.