Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Winamp < 5.60 Multiple Vulnerabilities

Medium

Synopsis

The remote host has a media player installed that is vulnerable to multiple attack vectors.

Description

The remote host is running Winamp, a media player for Windows.

Versions of Winamp earlier than 5.6 are potentially affected by multiple vulnerabilities :

- An integer overflow vulnerability exists in the 'in_nsv.dll' plugin when parsing the table of contents of a NullSoft Video (NSV) stream or file. (CVE-2010-2586)

- A heap-base buffer overflow vulnerability exists in the 'in_midi.dll' plugin when parsing MIDI content. (CVE-2010-4370)

- A buffer overflow vulnerability exists in the 'in_mod' plugin and is related to the comment box. (CVE-2010-4371)

- An integer overflow vulnerability exists in the 'in_nsv plugin due to improper memory allocation for Nullsoft Video (NSV) metadata. (CVE-2010-4372)

- An error exists in the 'in_mp4' plugin which allows remote attackers to use either crafted metadata or album art in an MP4 file to cause a denial of service. (CVE-2010-4373)

- An error exists in the 'in_mkv' plugin which allows remote attackers to use a crafted Matroska Video (MKV) file to cause a denial of service. (CVE-2010-4374)

Solution

Upgrade to Winamp 5.60 or later.