BugTraq
nSense-2010-005: Winamp Dec 21 2010 05:56AM
Henri Lindberg henri+lists (at) nsense (dot) fi [email concealed] (henri+lists nsense fi)
nSense Vulnerability Research Security Advisory NSENSE-2010-005
---------------------------------------------------------------

Affected Vendor: Nullsoft
Affected Product: Winamp 5.581 (possibly older versions)
Platform: Windows
Impact: Local code execution
Vendor response: Patch
CVE: CVE-2010-4370
CVSS2: 9.3 - (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Credit: JODE

Technical details
---------------------------------------------------------------

A MIDI file format parsing vulnerability exists in the in_midi
plugin and can be exploited with a specially crafted input
file. The plugin suffers from an integer wrapping flaw which
leads to a heap overflow.

If an attacker is able to entice the user to open a malicious
file, successful exploitation leads to code being executed in
the context of the logged in user.

Solution
Upgrade to 5.6 or later.

More information
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4370
http://forums.winamp.com/showthread.php?threadid=159785

Timeline:
November 18th Contacted vendor
November 18th Vendor responded
November 24th More information sent to vendor
December 1st Vendor released the fix
December 20th Advisory released

Links:
http://www.nsense.fi http://www.nsense.dk

$$s$$$$s. ,s$$$$s ,S$$$$$s. $$s$$$$s. ,s$$$$s ,S$$$$$s.
$$$ `$$$ ($$( $$$ `$$$ $$$ `$$$ ($$( $$$ `$$$
$$$ $$$ `^$$s. $$$$$$$$$ $$$ $$$ `^$$s. $$$$$$$$$
$$$ $$$ )$$) $$$ $$$ $$$ )$$) $$$
$$$ $$$ ^$$$$$$7 `7$$$$$P $$$ $$$ ^$$$$$$7 `7$$$$$P

D r i v e n b y t h e c h a l l e n g e _

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus