Winamp < 5.59 Build 3033 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 5689
SynopsisThe remote host has a media player installed that is vulnerable to multiple attack vectors.
DescriptionThe remote host is running Winamp, a media player for Windows.
Versions of Winamp earlier than 5.59 build 3033 are potentially affected by multiple vulnerabilities :
- Winamp loads libraries in an insecure manner. (CVE-2010-3137)
- An integer overflow vulnerability exists in the 'in_mkv.dll' plugin when parsing MKV content.
- A heap-based buffer overflow vulnerability exists in the 'in_midi.dll' plugin when parsing MIDI content.
- A stack-based buffer overflow vulnerability exists in the 'in_mod.dll' plugin when parsing Multitracker Module files.
- A heap-based buffer overflow vulnerability exists in the 'in_nsv.dll' plugin when parsing NSV content.
- A heap-based buffer overflow vulnerability exists when parsing VP6 video content.
SolutionUpgrade to Winamp 5.59 build 3033 or later.