|
Family: Windows --> Category: infos
Winamp Malformed Midi File Buffer Overflow Vulnerability (2) Vulnerability Scan
Vulnerability Scan Summary Checks the version number of Winamp
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote Windows host contains a multimedia application that is
prone to a buffer overflow attack.
Description :
The remote host is using Winamp, a popular media player for Windows.
The version of Winamp installed on the remote Windows host reportedly
contains a buffer overflow in the MIDI test ('in_midi.dll') that can
be exploited using a MIDI file with a specially-crafted header to
crash the affected application or possibly even execute arbitrary code
remotely, subject to the rights of the user running the
application.
See also :
http://www.milw0rm.com/exploits/1935
http://forums.winamp.com/showthread.php?threadid=248100
http://www.winamp.com/player/version_history.php
Solution :
Upgrade to Winamp version 5.24 or later.
Threat Level:
High / CVSS Base Score : 8
(AV:R/AC:H/Au:NR/C:C/A:C/I:C/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|