This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.
The remote Windows host contains a multimedia application that is
affected by multiple vulnerabilities.
The remote host is running Winamp, a media player for Windows.
The version of Winamp installed on the remote host is earlier than
5.6. Such versions are potentially affected by the following
- An integer overflow vulnerability exists in the
'in_nsv.dll' plugin when parsing the table of contents
of a NullSoft Video (NSV) stream or file.
- A heap-based buffer overflow vulnerability exists in
the 'in_midi.dll' plugin when parsing MIDI content.
- A buffer overflow vulnerability exists in the 'in_mod'
plugin and is related to the comment box.
- Another integer overflow vulnerability exists in the
'in_nsv' plugin due to improper memory allocation for
Nullsoft Video (NSV) metadata.
- An error exists in the 'in_mp4' plugin which allows
remote attackers to use either crafted metadata or
album art in an MP4 file to cause a denial of service.
- An error exists in the 'in_mkv' plugin which allows
remote attackers to use a crafted Matroska Video (MKV)
file to cause a denial of service.
See also :
Upgrade to Winamp 5.6 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true