Winamp: VP6 Content Parsing Buffer Overflow Vulnerability

Users of Winamp please be advised of a VP6 Content Parsing Buffer Overflow vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Winamp-SA-10/27/2010: Winamp VP6 Content Parsing Buffer Overflow Vulnerability
Affected Software

* Winamp 5.581

NOTE: Other versions may also be affected.

Description of Vulnerability

Secunia Research has discovered a vulnerability in Winamp, which can

be exploited by malicious people to potentially compromise a user’s

system.

The vulnerability is caused by an error in the VP6 codec (vp6.w5s)

when parsing VP6 video content. This can be exploited to cause a

heap-based buffer overflow via a specially crafted media file or

stream.

Successful exploitation may allow execution of arbitrary code.

Read more at http://www.criticalwatch.com

 

Advertisements