Computer Security
[EN] securityvulns.ru no-pyccku


NullSoft WinAmp multiple security vulnerabilities
Published:06.04.2007
Source:
SecurityVulns ID:7539
Type:remote
Threat Level:
6/10
Description:Multiple memory corruptions in different modules.
Affected:NULLSOFT : Winamp 5.33
CVE:CVE-2007-1922 (The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption.)
 CVE-2007-1921 (LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT (MATLAB sound) file that contains a value that is used as an offset, which triggers memory corruption.)
Original documentdocumentPiotr Bania, [Full-disclosure] AOL Nullsoft Winamp IT Module "IN_MOD.DLL" Remote Heap Memory Corruption (06.04.2007)
 documentPiotr Bania, [Full-disclosure] AOL Nullsoft Winamp S3M Module "IN_MOD.DLL" Remote Heap Memory Corruption (06.04.2007)
 documentPiotr Bania, [Full-disclosure] AOL Nullsoft Winamp LIBSNDFILE.DLL Remote Memory Corruption (Off By Zero) (06.04.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod