Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Winamp < 5.59 Build 3033 Multiple Vulnerabilities

Medium

Synopsis

The remote host has a media player installed that is vulnerable to multiple attack vectors.

Description

The remote host is running Winamp, a media player for Windows.

Versions of Winamp earlier than 5.59 build 3033 are potentially affected by multiple vulnerabilities :

- Winamp loads libraries in an insecure manner. (CVE-2010-3137)

- An integer overflow vulnerability exists in the 'in_mkv.dll' plugin when parsing MKV content.

- A heap-based buffer overflow vulnerability exists in the 'in_midi.dll' plugin when parsing MIDI content.

- A stack-based buffer overflow vulnerability exists in the 'in_mod.dll' plugin when parsing Multitracker Module files.

- A heap-based buffer overflow vulnerability exists in the 'in_nsv.dll' plugin when parsing NSV content.

- A heap-based buffer overflow vulnerability exists when parsing VP6 video content.

Solution

Upgrade to Winamp 5.59 build 3033 or later.