6/21/2006

Highly critical vulnerability discovered in WinAmp

Filed under: — Aviran Mordo @ 7:20 am

Highly critical vulnerability discovered in WinAmp, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user’s system.

The vulnerability is cause due to a boundary error within the MIDI plug-in (in_midi.dll) when handling MIDI files. This can be exploited to cause a heap-based buffer overflow via a malicious “.mid” file with a specially crafted header.

Successful exploitation crashes the application and may allow execution of arbitrary code.

The vulnerability has been confirmed in version 5.23 and has also been reported in version 5.21. Other versions may also be affected.

Source: secunia

 

Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress