Winamp Multiple Integer Overflow Vulnerability
Release date: 2011-12-22
Updated on: 2011-12-23
Affected Systems:
Nullsoft Winamp 5.x
Unaffected system:
Nullsoft Winamp 5.623
Description:
--------------------------------------------------------------------------------
Bugtraq id: 51015
Cve id: CVE-2011-3834, CVE-2011-4857
Winamp is a popular Universal Music player.
Multiple integer overflow vulnerabilities exist in Winamp implementation. Attackers can exploit these vulnerabilities to execute arbitrary code.
1) when the stream header is used to allocate memory, the integer overflow error in the in_avi.dll plug-in can be caused by a specially crafted AVI file.
2) When the riff info block size value is used to allocate memory, the integer overflow error in the in_avi.dll plug-in can be caused by a specially crafted AVI file.
<* Source: Dmitriy Pletnev
Link: http://www.securityfocus.com/archive/1/520827
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Nullsoft
--------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.winamp.com/