TITLE:
WinAmp MIDI File Handling Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA20722
RELEASE DATE:
2006-06-21
LAST UPDATE:
2006-06-22
VERIFY ADVISORY:
http://secunia.c
om/advisories/20722/
CRITICAL:
Highly critical
WHERE:
From remote
IMPACT:
DoS
System access
SOFTWARE:
Winamp 5.x
DESCRIPTION:
BassReFLeX has discovered a vulnerability in WinAmp, which
potentially
can be exploited by malicious people to compromise a user's
system.
The vulnerability is cause due to a boundary error within
the MIDI
plug-in (in_midi.dll) when handling MIDI files. This can be
exploited to
cause a heap-based buffer overflow via a malicious
".mid" file with a
specially crafted header.
Successful exploitation may allow execution of arbitrary
code.
The vulnerability has been confirmed in version 5.23 and has
also been
reported in version 5.21. Other versions may also be
affected.
NOTE: The vulnerability may be related to one reported by
Fortinet
Security Research Team.
SOLUTION:
Update to version 5.24.
REPORTED BY CREDITS:
BassReFLeX
CHANGELOG:
2006-06-22: Updated "Solution" section.
ORIGINAL ADVISORY:
Winamp:
http://www.winamp.com/player/version_history.php#5.24
milw0rm:
http://www.milw0
rm.com/exploits/1935
Fortinet:
http://www.fortinet.com/FortiGuardCenter/adviso
ry/FG-2006-16.html
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|