Detections
Analytics

Winamp < 5.622 Multiple Vulnerabilities

high Nessus Plugin ID 56681

Language:

Synopsis

The remote Windows host contains a multimedia application that is affected by multiple vulnerabilities.

Description

The remote host is running Winamp, a media player for Windows.

The version of Winamp installed on the remote host is earlier than 5.622 and is affected by the following overflow vulnerabilities :

 - A heap-based buffer overflow exists in the plugin 'in_midi.dll' when processing the 'iOffsetMusic' value in the 'Creative Music Format' (CMF) header.

 - A heap-based buffer overflow exists in the plugin 'in_mod.dll' when processing the 'channels' value in the 'Advanced Module Format' (AMF) header.

 - A heap-based buffer overflow exists in the plugin 'in_nsv.dll' when processing the 'toc_alloc' value in the 'Nullsoft Streaming Video' (NSF) header.

 - Integer overflow errors exist in the 'TSCC', 'RGB', and 'YUV' decoders.

Solution

Upgrade to Winamp 5.622 or later.

See Also

http://forums.winamp.com/showthread.php?t=332010

Plugin Details

Severity: High

ID: 56681

File Name: winamp_5622.nasl

Version: 1.6

Type: local

Agent: windows

Family: Windows

Published: 10/31/2011

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:nullsoft:winamp

Required KB Items: SMB/Winamp/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 10/26/2011

Vulnerability Publication Date: 10/26/2011

Reference Information

BID: 50387