Computer Security
[EN] securityvulns.ru
no-pyccku

  

WinAmp integer overflow
updated since 01.12.2010
Published:22.12.2010
Source:
SecurityVulns ID:11277
Type:client
Threat Level:
5/10
Description:Integer overflow in NSV streams parsing, MIDI files parsing.
Affected:WINAMP : Winamp 5.581
 WINAMP : Winamp 5.6
CVE:CVE-2010-4370 (Multiple integer overflows in the in_midi plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted MIDI file that triggers a buffer overflow.)
 CVE-2010-2586 (Multiple integer overflows in in_nsv.dll in the in_nsv plugin in Winamp before 5.6 allow remote attackers to execute arbitrary code via a crafted Table of Contents (TOC) in a (1) NSV stream or (2) NSV file that triggers a heap-based buffer overflow.)
Original documentdocumentHenri Lindberg, nSense-2010-005: Winamp (22.12.2010)
 documentKryptos Logic Secure, Kryptos Logic Advisory: Winamp 5.6 Arbitrary Code Execution in MIDI Parser (09.12.2010)
 documentSECUNIA, Secunia Research: Winamp NSV Table of Contents Parsing Integer Overflow (01.12.2010)
Files:Exploits Winamp 5.6 Arbitrary Code Execution in MIDI Parser

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru