Detections
Analytics

Winamp < 5.622 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 6056

Synopsis

The remote host has a media player installed that is vulnerable to multiple attack vectors.

Description

The remote host is running Winamp, a media player for Windows.

Versions of Winamp earlier than 5.622 are potentially affected by the following overflow vulnerabilities :

- A heap-based buffer overflow exists in the plugin in_midi.dll when processing the iOffsetMusic value in the Creative Music Format (CMF) header.

 - A heap-based buffer overflow exists in the plugin in_mod.dll when processing the channels value in the Advanced Module Format (AMF) header.

 - A heap-based buffer overflow exists in the plugin in_nsv.dll when processing the toc_alloc value in the Nullsoft Streaming Video (NSF) header.

 - Integer overflow errors exist in the TSCC RGB and YUV decoders.

Solution

Upgrade to Winamp 5.622 or later.

See Also

http://forums.winamp.com/showthread.php?t=332010

Plugin Details

Severity: High

ID: 6056

Family: Generic

Published: 10/31/2011

Updated: 3/6/2019

Nessus ID: 56681

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 10/26/2011

Vulnerability Publication Date: 10/26/2011

Reference Information

BID: 50387