Winamp < 5.6 Multiple Vulnerabilities
High Nessus Plugin ID 50846
SynopsisThe remote Windows host contains a multimedia application that is affected by multiple vulnerabilities.
DescriptionThe remote host is running Winamp, a media player for Windows.
The version of Winamp installed on the remote host is earlier than 5.6. Such versions are potentially affected by the following vulnerabilities :
- An integer overflow vulnerability exists in the 'in_nsv.dll' plugin when parsing the table of contents of a NullSoft Video (NSV) stream or file. (CVE-2010-2586)
- A heap-based buffer overflow vulnerability exists in the 'in_midi.dll' plugin when parsing MIDI content.
- A buffer overflow vulnerability exists in the 'in_mod' plugin and is related to the comment box.
- Another integer overflow vulnerability exists in the 'in_nsv' plugin due to improper memory allocation for Nullsoft Video (NSV) metadata. (CVE-2010-4372)
- An error exists in the 'in_mp4' plugin which allows remote attackers to use either crafted metadata or album art in an MP4 file to cause a denial of service.
- An error exists in the 'in_mkv' plugin which allows remote attackers to use a crafted Matroska Video (MKV) file to cause a denial of service. (CVE-2010-4374)
SolutionUpgrade to Winamp 5.6 or later.