Detections
Analytics
Winamp < 5.59 build 3033 Multiple Vulnerabilities
high Nessus Plugin ID 50379
Language:
Synopsis
The remote Windows host contains a multimedia application that is affected by multiple vulnerabilities.Description
The remote host is running Winamp, a media player for Windows.The version of Winamp installed on the remote host is earlier than 5.59 build 3033. Such versions are potentially affected by multiple vulnerabilities :
- Winamp loads libraries in an insecure manner. (CVE-2010-3137)
- An integer overflow vulnerability exists in the 'in_mkv.dll' plugin when parsing MKV content.
- A heap-based buffer overflow vulnerability exists in the 'in_midi.dll' plugin when parsing MIDI content.
- A stack-based buffer overflow vulnerability exists in the 'in_mod.dll' plugin when parsing Multitracker Module files.
- A heap-based buffer overflow vulnerability exists in the 'in_nsv.dll' plugin when parsing NSV content.
- A heap-based buffer overflow vulnerability exists when parsing VP6 video content.
Solution
Upgrade to Winamp 5.59 build 3033 or later.See Also
https://secuniaresearch.flexerasoftware.com/secunia_research/2010-95/
Plugin Details
Severity: High
ID: 50379
File Name: winamp_559_3033.nasl
Version: 1.10
Type: local
Agent: windows
Family: Windows
Published: 10/28/2010
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 7.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:nullsoft:winamp
Required KB Items: SMB/Winamp/Version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/8/2010
Vulnerability Publication Date: 1/31/2010