Winamp 5.622 Multiple Remote Security Vulnerabilities

Release date: 2011-10-28
Updated on: 2011-10-28

Affected Systems:
Nullsoft Winamp 5.x
Unaffected system:
Nullsoft Winamp 5.622
Description:
--------------------------------------------------------------------------------
Bugtraq id: 50387

Winamp is a popular Universal Music player.

Multiple Remote Vulnerabilities exist in Winamp 5.622. Remote attackers can exploit these vulnerabilities to execute arbitrary code or cause DoS attacks.

1) when processing the "iOffsetMusic" value in the Creative Music Format (CMF) header, the in_midi.dll plug-in has an error and can be exploited to cause heap buffer overflow through a specially crafted MIDI file.

2) when processing the "channels" value in the Advanced Module Format (AMF) header, there is an error in the in_mod.dl plug-in and the heap buffer overflow can be caused by a specially crafted ". amf" file.

3) when processing the "toc_alloc" value in the Nullsoft Streaming Video (NSV) header, the in_nsv.dll plug-in has an error and can be exploited to cause heap buffer overflow through a specially crafted ". nsv" file.

<* Source: Hossein Lotfi

Link: http://forums.winamp.com/showthread.php? T = 332010
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Nullsoft
--------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.winamp.com/