Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22968
HistoryDec 17, 2009 - 12:00 a.m.

VUPEN Security Research - Winamp PNG and JPEG Data Integer Overflow Vulnerabilities

2009-12-1700:00:00
vulners.com
30

VUPEN Security Research - Winamp PNG and JPEG Data Integer Overflow
Vulnerabilities

http://www.vupen.com/english/research.php

I. BACKGROUND

Winamp is a proprietary media player written by Nullsoft,
now a subsidiary of AOL. It is skinnable, multi-format
freeware/shareware (from Wikipedia).

Winamp is a one of the world's most popular media players
with over 73 million users globally (comScore Media Metrix,
January 2009).

II. DESCRIPTION

VUPEN Vulnerability Research Team discovered critical
vulnerabilities affecting Winamp.

These vulnerabilities are caused due to integer overflow errors within
the "jpeg.w5s" and "png.w5s" filters when processing malformed
JPEG or PNG data in a media (e.g. MP3) file, which could allow
attackers to execute arbitrary code by tricking a user into opening
a specially crafted MP3.

III. AFFECTED PRODUCTS

Winamp version 5.56 and prior

IV. Exploits - PoCs & Binary Analysis

In-depth binary analysis of the vulnerabilities and proof-of-concept
codes have been released by VUPEN Security through the
VUPEN Exploits & PoCs Service :

http://www.vupen.com/exploits

V. SOLUTION

Upgrade to Winamp version 5.57 :
http://www.winamp.com/media-player

VI. CREDIT

The vulnerabilities were discovered by Nicolas JOLY of VUPEN Security

VII. REFERENCES

http://www.vupen.com/english/advisories/2009/3576
http://forums.winamp.com/showthread.php?threadid=315355

VIII. DISCLOSURE TIMELINE

2009-11-25 - Vendor notified
2009-11-25 - Vendor response
2009-12-02 - Status update received
2009-12-17 - Coordinated public Disclosure