Computer Security
[EN] securityvulns.ru no-pyccku


WinAmp security vulnerabilities
Published:08.07.2013
Source:
SecurityVulns ID:13157
Type:client
Threat Level:
5/10
Description:Buffer overflow, uninitialized pointer dereference.
Affected:WINAMP : WinAmp 5.63
CVE:CVE-2013-4695
 CVE-2013-4694 (Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk.)
Original documentdocumentInshell Security, [CVE-2013-4695] WinAmp v5.63 gen_ff.dll links.xml Value Parsing Invalid Pointer Dereference (08.07.2013)
 documentInshell Security, [CVE-2013-4694] WinAmp v5.63 gen_jumpex.dll and ml_local.dll Multiple Buffer Overflows (08.07.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod