Winamp < 5.63 Multiple Vulnerabilities

High

Synopsis

The remote host has a media player installed that is vulnerable to multiple attack vectors.

Description

The remote host is running Winamp, a media player for Windows. Versions of Winamp earlier than 5.63 are potentially affected by the following overflow vulnerabilities:

- A memory corruption error exists in 'in_mod.dll' related to input validation when handling 'Impulse Tracker' (IT) files.

- Heap-based buffer overflows exist related to 'bmp.w5s' when handling 'BI_RGB' and 'UYVY' data in AVI files. Processing decompressed TechSmith Screen Capture Codec (TSCC) data in AVI files can also trigger a heap-based buffer overflow.

Successful exploitation can allow arbitrary code execution.

Solution

Upgrade to Winamp 5.63 (5.6.3.3234) or later.