Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Winamp < 5.57 Multiple Vulnerabilities

Medium

Synopsis

The remote host has a media player installed that is vulnerable to multiple attack vectors.

Description

The remote host is running Winamp, a media player for Windows. The version of Winamp installed on the remote host is earlier than 5.57. Such versions are potentially affected by multiple vulnerabilities :

- A boundary error in the Module Decoder Plug-in exists when parsing samples and can be exploited to cause a heap-based buffer overflow via a specially crafted 'Impulse Tracker' file. (CVE-2009-3995)

- An error in the Module Decoder Plug-in when parsing 'Ultratracker' files can be exploited to cause a heap-based buffer overflow. (CVE-2009-3996)

- An integer overflow error exists in the Module Decoder Plug-in when parsing 'Oktalyzer' files and can be exploited to cause a heap-based buffer overflow.

- Multiple integer overflow vulnerabilities in the 'jpeg.w5s' and 'png.w5s' filters when processing malformed 'JPEG' and 'PNG' data.

Solution

Upgrade to Winamp version 5.57 or later.