TITLE:
WinAmp MIDI File Handling Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA20722
RELEASE DATE:
2006-06-21
LAST UPDATE:
2006-06-22
VERIFY ADVISORY:
http://secunia.com/advisories/20722/
CRITICAL:
Highly critical
WHERE:
From remote
IMPACT:
DoS
System access
SOFTWARE:
Winamp 5.x
DESCRIPTION:
BassReFLeX has discovered a vulnerability in WinAmp, which potentially
can be exploited by malicious people to compromise a user's system.
The vulnerability is cause due to a boundary error within the MIDI
plug-in (in_midi.dll) when handling MIDI files. This can be exploited to
cause a heap-based buffer overflow via a malicious ".mid" file with a
specially crafted header.
Successful exploitation may allow execution of arbitrary code.
The vulnerability has been confirmed in version 5.23 and has also been
reported in version 5.21. Other versions may also be affected.
NOTE: The vulnerability may be related to one reported by Fortinet
Security Research Team.
SOLUTION:
Update to version 5.24.
REPORTED BY CREDITS:
BassReFLeX
CHANGELOG:
2006-06-22: Updated "Solution" section.
ORIGINAL ADVISORY:
Winamp:
http://www.winamp.com/player/version_history.php#5.24
milw0rm:
http://www.milw0rm.com/exploits/1935
Fortinet:
http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-16.html
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/rules.htm
Contact list owner <[EMAIL PROTECTED]>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
