NullSoft Winamp in_mod.dll Plug-in Heap Overflow Vulnerability
BID:10045
Info
NullSoft Winamp in_mod.dll Plug-in Heap Overflow Vulnerability
| Bugtraq ID: | 10045 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 05 2004 12:00AM |
| Updated: | Apr 05 2004 12:00AM |
| Credit: | Discovery is credited to Peter Winter-Smith <[email protected]>. |
| Vulnerable: |
NullSoft Winamp 5.0 2 NullSoft Winamp 5.0 1 NullSoft Winamp 3.1 NullSoft Winamp 3.0 NullSoft Winamp 2.91 |
| Not Vulnerable: |
NullSoft Winamp 5.0 3 |
Discussion
NullSoft Winamp in_mod.dll Plug-in Heap Overflow Vulnerability
It has been reported that the Winamp 'in_mod.dll' plug-in is prone to a heap overflow vulnerability that may allow a remote attacker to cause the application to crash or possibly execute arbitrary code in order to gain unuauthorized access. The issue is reported to present itself due to insufficient boundary checks performed by the affected plug-in.
Winamp versions 2.91 to 5.02 are reported to be prone to this issue. Older versions may be affected as well.
It has been reported that the Winamp 'in_mod.dll' plug-in is prone to a heap overflow vulnerability that may allow a remote attacker to cause the application to crash or possibly execute arbitrary code in order to gain unuauthorized access. The issue is reported to present itself due to insufficient boundary checks performed by the affected plug-in.
Winamp versions 2.91 to 5.02 are reported to be prone to this issue. Older versions may be affected as well.
Exploit / POC
NullSoft Winamp in_mod.dll Plug-in Heap Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
NullSoft Winamp in_mod.dll Plug-in Heap Overflow Vulnerability
Solution:
Nullsoft has released Winamp 5.03 to address this issue.
NullSoft Winamp 2.91
NullSoft Winamp 3.0
NullSoft Winamp 3.1
NullSoft Winamp 5.0 1
NullSoft Winamp 5.0 2
Solution:
Nullsoft has released Winamp 5.03 to address this issue.
NullSoft Winamp 2.91
-
Nullsoft Winamp 5.03
http://www.winamp.com/player/
NullSoft Winamp 3.0
-
Nullsoft Winamp 5.03
http://www.winamp.com/player/
NullSoft Winamp 3.1
-
Nullsoft Winamp 5.03
http://www.winamp.com/player/
NullSoft Winamp 5.0 1
-
Nullsoft Winamp 5.03
http://www.winamp.com/player/
NullSoft Winamp 5.0 2
-
Nullsoft Winamp 5.03
http://www.winamp.com/player/
References
NullSoft Winamp in_mod.dll Plug-in Heap Overflow Vulnerability
References:
References:
- Winamp Home Page (NullSoft)
- NGSSoftware Insight Security Research Advisory ("Peter Winter-Smith"
)