Winamp: NSV Table of Contents Parsing Integer Overflow Vulnerability

Users of Winamp please be advised of a NSV Table of Contents Parsing Integer Overflow vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Winamp-SA-12/01/2010: Winamp NSV Table of Contents Parsing Integer Overflow
Affected Software

* Winamp 5.581
* Winamp 5.59 Beta Build 3033

NOTE: Other versions may also be affected.

Description of Vulnerability

Secunia Research has discovered a vulnerability in Winamp, which can
be exploited by malicious people to compromise a user’s system.

The vulnerability is caused by an integer overflow error in the
“in_nsv.dll” plugin when parsing the Table of Contents. This can be
exploited to cause a heap-based buffer overflow via a specially
crafted NSV stream or file.

Successful exploitation allows execution of arbitrary code.









Read more at http://www.criticalwatch.com

 

Advertisements