nSense-2010-005: Winamp

From: Henri Lindberg <henri+lists@nsense.fi>
To: bugtraq@securityfocus.com
Subject: nSense-2010-005: Winamp

       nSense Vulnerability Research Security Advisory NSENSE-2010-005

       Affected Vendor:    Nullsoft
       Affected Product:   Winamp 5.581 (possibly older versions)
       Platform:           Windows
       Impact:             Local code execution
       Vendor response:    Patch
       CVE:                CVE-2010-4370
       CVSS2:              9.3 - (AV:N/AC:M/Au:N/C:C/I:C/A:C)
       Credit:             JODE

       Technical details

       A MIDI file format parsing vulnerability exists in the in_midi
       plugin and can be exploited with a specially crafted input
       file. The plugin suffers from an integer wrapping flaw which
       leads to a heap overflow.

       If an attacker is able to entice the user to open a malicious
       file, successful exploitation leads to code being executed in
       the context of the logged-in user.
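
       Added example, not part of the nSense advisory and not in_midi
       code: the advisory does not say which length field wraps, so this
       C example assumes a Standard MIDI File chunk length (32-bit
       big-endian) and shows wrapping size arithmetic beside a
       bounds-checked chunk copy. The names wrapped_alloc_size and
       copy_chunk and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed samples: a valid "MThd" chunk, and an "MTrk" chunk whose
 * declared length (0xFFFFFFFF) far exceeds the bytes actually present. */
const uint8_t SAMPLE_OK[]  = {'M','T','h','d', 0,0,0,6, 0,1, 0,1, 0,96};
const uint8_t SAMPLE_BAD[] = {'M','T','r','k', 0xFF,0xFF,0xFF,0xFF, 0x00};

/* Chunk lengths in a Standard MIDI File are 32-bit big-endian. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Unsafe pattern (illustrative): 32-bit size arithmetic wraps, so
 * len = 0xFFFFFFFF yields an allocation size of 0 while later copies
 * still trust the original len. */
uint32_t wrapped_alloc_size(uint32_t len) { return len + 1u; }

/* Hardened: copy the chunk body at buf[off] into a fresh buffer.
 * Returns the body length, or -1 if the input is malformed. */
int64_t copy_chunk(const uint8_t *buf, size_t buf_len, size_t off,
                   uint8_t **out) {
    if (off > buf_len || buf_len - off < 8) return -1; /* header must fit */
    uint32_t len = be32(buf + off + 4);
    if (len > buf_len - off - 8) return -1;  /* body must fit in the file */
    /* len is now bounded by buf_len, so len + 1 cannot wrap in size_t. */
    uint8_t *p = malloc((size_t)len + 1);
    if (p == NULL) return -1;
    memcpy(p, buf + off + 8, len);
    p[len] = 0;
    *out = p;
    return (int64_t)len;
}

int main(void) {
    uint8_t *body = NULL;
    printf("wrapped size: %u\n", (unsigned)wrapped_alloc_size(0xFFFFFFFFu));
    printf("valid chunk:  %lld\n",
           (long long)copy_chunk(SAMPLE_OK, sizeof SAMPLE_OK, 0, &body));
    free(body);
    body = NULL;
    printf("bad chunk:    %lld\n",
           (long long)copy_chunk(SAMPLE_BAD, sizeof SAMPLE_BAD, 0, &body));
    return 0;
}
```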

       Upgrade to 5.6 or later.

       More information

       November 18th                 Contacted vendor
       November 18th                 Vendor responded
       November 24th                 More information sent to vendor
       December 1st                  Vendor released the fix
       December 20th                 Advisory released

       http://www.nsense.fi                       http://www.nsense.dk

       $$s$$$$s.   ,s$$$$s   ,S$$$$$s.  $$s$$$$s.   ,s$$$$s   ,S$$$$$s.
       $$$  `$$$  ($$(       $$$  `$$$  $$$  `$$$  ($$(       $$$  `$$$
       $$$   $$$    `^$$s.   $$$$$$$$$  $$$   $$$    `^$$s.   $$$$$$$$$
       $$$   $$$       )$$)  $$$        $$$   $$$       )$$)  $$$
       $$$   $$$  ^$$$$$$7    `7$$$$$P  $$$   $$$  ^$$$$$$7   `7$$$$$P

                      D r i v e n   b y   t h e   c h a l l e n g e _
