Vulnerability CVE-2009-4356
Published: 2009-12-18   Modified: 2012-02-13

Description:
Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file.

See advisories in our WLB2 database:
Topic
Author
Date
High
Winamp 5.56 PNG and JPEG Data Integer Overflow Vulnerabilities
VUPEN
22.12.2009

Type:

CWE-189

 (Numeric Errors)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Nullsoft -> Winamp 

 References:
http://forums.winamp.com/showthread.php?threadid=315355
http://www.securityfocus.com/archive/1/508532/100/0/threaded
http://www.securityfocus.com/bid/37387
http://www.vupen.com/english/advisories/2009/3576
http://www.vupen.com/exploits/Winamp_png_w5s_PNG_Data_Processing_Integer_Overflow_PoC_3576274.php
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15743
Copyright 2024, cxsecurity.com

 

Back to Top