Winamp 5.56 PNG and JPEG Data Integer Overflow Vulnerabilities

2009-12-21 / 2009-12-22
Credit: VUPEN
Risk: High
Local: No
Remote: Yes
CWE: CWE-189


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

VUPEN Security Research - Winamp PNG and JPEG Data Integer Overflow Vulnerabilities http://www.vupen.com/english/research.php I. BACKGROUND --------------------- Winamp is a proprietary media player written by Nullsoft, now a subsidiary of AOL. It is skinnable, multi-format freeware/shareware (from Wikipedia). Winamp is a one of the world's most popular media players with over 73 million users globally (comScore Media Metrix, January 2009). II. DESCRIPTION --------------------- VUPEN Vulnerability Research Team discovered critical vulnerabilities affecting Winamp. These vulnerabilities are caused due to integer overflow errors within the "jpeg.w5s" and "png.w5s" filters when processing malformed JPEG or PNG data in a media (e.g. MP3) file, which could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted MP3. III. AFFECTED PRODUCTS -------------------------------- Winamp version 5.56 and prior IV. Exploits - PoCs & Binary Analysis ---------------------------------------- In-depth binary analysis of the vulnerabilities and proof-of-concept codes have been released by VUPEN Security through the VUPEN Exploits & PoCs Service : http://www.vupen.com/exploits V. SOLUTION ---------------- Upgrade to Winamp version 5.57 : http://www.winamp.com/media-player VI. CREDIT -------------- The vulnerabilities were discovered by Nicolas JOLY of VUPEN Security VII. REFERENCES ---------------------- http://www.vupen.com/english/advisories/2009/3576 http://forums.winamp.com/showthread.php?threadid=315355 VIII. DISCLOSURE TIMELINE ----------------------------------- 2009-11-25 - Vendor notified 2009-11-25 - Vendor response 2009-12-02 - Status update received 2009-12-17 - Coordinated public Disclosure

References:

http://forums.winamp.com/showthread.php?threadid=315355
http://www.vupen.com/exploits/Winamp_png_w5s_PNG_Data_Processing_Integer_Overflow_PoC_3576274.php
http://www.vupen.com/english/advisories/2009/3576
http://www.securityfocus.com/bid/37387
http://www.securityfocus.com/archive/1/archive/1/508532/100/0/threaded


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top