nSense-2010-005: Winamp
Dec 21 2010 05:56AM
Henri Lindberg henri+lists (at) nsense (dot) fi
nSense Vulnerability Research Security Advisory NSENSE-2010-005

Affected Vendor: Nullsoft
Affected Product: Winamp 5.581 (possibly older versions)
Platform: Windows
Impact: Local code execution
Vendor response: Patch
CVE: CVE-2010-4370
CVSS2: 9.3 - (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Credit: JODE

Technical details

A MIDI file format parsing vulnerability exists in the in_midi
plugin and can be exploited with a specially crafted input
file. The plugin suffers from an integer wrapping flaw which
leads to a heap overflow.

If an attacker is able to entice the user to open a malicious
file, successful exploitation leads to code being executed in
the context of the logged in user.
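
The advisory does not say where in in_midi the wrap occurs. The following C example is added here to illustrate the bug class and is not Winamp's code or nSense's: it shows a 32-bit size computation wrapping on a Standard MIDI File chunk length, next to a bounds-checked copy. The function names, the "+1" padding and the sample bytes are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* SMF chunk = 4-byte type + 32-bit big-endian length + payload. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Unsafe pattern (assumed "+1" padding): 32-bit arithmetic on a length
 * taken from the file. 0xFFFFFFFF + 1 wraps to 0, so an allocation sized
 * from the result is far smaller than the copy that follows. */
static uint32_t size_unchecked(uint32_t chunk_len) {
    return chunk_len + 1;
}

/* Hardened: copy the payload of the chunk at buf[off]. Returns a malloc'd,
 * NUL-padded buffer (caller frees), or NULL if the declared length does
 * not fit in the bytes actually present. */
static uint8_t *copy_chunk(const uint8_t *buf, size_t buf_len,
                           size_t off, uint32_t *out_len) {
    if (off > buf_len || buf_len - off < 8)
        return NULL;                       /* no room for the header */
    uint32_t len = be32(buf + off + 4);
    if (len > buf_len - off - 8)
        return NULL;                       /* length exceeds the input */
    /* len < buf_len here, so (size_t)len + 1 cannot wrap. */
    uint8_t *dst = malloc((size_t)len + 1);
    if (dst == NULL) return NULL;
    memcpy(dst, buf + off + 8, len);
    dst[len] = 0;
    *out_len = len;
    return dst;
}

int main(void) {
    /* Constructed inputs: a 4-byte MTrk chunk, and one claiming 0xFFFFFFFF. */
    const uint8_t good[] = {'M','T','r','k', 0,0,0,4, 0x00,0xFF,0x2F,0x00};
    const uint8_t bad[]  = {'M','T','r','k', 0xFF,0xFF,0xFF,0xFF, 0x00};
    uint32_t n = 0;
    uint8_t *p = copy_chunk(good, sizeof good, 0, &n);
    printf("good: %s (%u bytes)\n", p ? "accepted" : "rejected", (unsigned)n);
    free(p);
    printf("bad: %s\n", copy_chunk(bad, sizeof bad, 0, &n) ? "accepted" : "rejected");
    printf("unchecked size: %u\n", (unsigned)size_unchecked(0xFFFFFFFFu));
    return 0;
}
```

The check compares the declared length against the bytes remaining in the input before any size arithmetic, which is what keeps the later addition from wrapping.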

Upgrade to 5.6 or later.

More information

November 18th Contacted vendor
November 18th Vendor responded
November 24th More information sent to vendor
December 1st Vendor released the fix
December 20th Advisory released

http://www.nsense.fi http://www.nsense.dk
