nSense-2010-005: Winamp

   nSense Vulnerability Research Security Advisory NSENSE-2010-005
   ---------------------------------------------------------------

   Affected Vendor:    Nullsoft
   Affected Product:   Winamp 5.581 (possibly older versions)
   Platform:           Windows
   Impact:             Local code execution
   Vendor response:    Patch
   CVE:                CVE-2010-4370
   CVSS2:              9.3 - (AV:N/AC:M/Au:N/C:C/I:C/A:C)
   Credit:             JODE

   Technical details
   ---------------------------------------------------------------

   A MIDI file format parsing vulnerability exists in the in_midi
   plugin and can be exploited with a specially crafted input
   file. The plugin suffers from an integer wrapping flaw which
   leads to a heap overflow.

   If an attacker is able to entice the user to open a malicious
   file, successful exploitation leads to code being executed in
   the context of the logged in user.

   Solution
   Upgrade to 5.6 or later.

   More information
   http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4370
   http://forums.winamp.com/showthread.php?threadid=159785

   Timeline:
   November 18th                 Contacted vendor
   November 18th                 Vendor responded
   November 24th                 More information sent to vendor
   December 1st                  Vendor released the fix
   December 20th                 Advisory released

   Links:
   http://www.nsense.fi                       http://www.nsense.dk



   $$s$$$$s.   ,s$$$$s   ,S$$$$$s.  $$s$$$$s.   ,s$$$$s   ,S$$$$$s.
   $$$  `$$$  ($$(       $$$  `$$$  $$$  `$$$  ($$(       $$$  `$$$
   $$$   $$$    `^$$s.   $$$$$$$$$  $$$   $$$    `^$$s.   $$$$$$$$$
   $$$   $$$       )$$)  $$$        $$$   $$$       )$$)  $$$
   $$$   $$$  ^$$$$$$7    `7$$$$$P  $$$   $$$  ^$$$$$$7   `7$$$$$P

                  D r i v e n   b y   t h e   c h a l l e n g e _