Nullsoft Winamp MIDI File Processing Denial of Service Vulnerability
BID:23568
Info
Nullsoft Winamp MIDI File Processing Denial of Service Vulnerability
| Bugtraq ID: | 23568 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 19 2007 12:00AM |
| Updated: | Apr 24 2007 06:10PM |
| Credit: | UniquE-Cracker is credited with the discovery of this vulnerability. |
| Vulnerable: |
NullSoft Winamp 5.3 |
| Not Vulnerable: | |
Discussion
Nullsoft Winamp MIDI File Processing Denial of Service Vulnerability
Nullsoft Winamp is prone to a denial-of-service vulnerability when processing malformed MIDI files.
Successfully exploiting this issue allows remote attackers to crash affected applications. Code execution may also be possible, but this has not been confirmed.
This issue is reported to affect Winamp 5.3; other versions may also be affected.
Nullsoft Winamp is prone to a denial-of-service vulnerability when processing malformed MIDI files.
Successfully exploiting this issue allows remote attackers to crash affected applications. Code execution may also be possible, but this has not been confirmed.
This issue is reported to affect Winamp 5.3; other versions may also be affected.
Exploit / POC
Nullsoft Winamp MIDI File Processing Denial of Service Vulnerability
Sample exploits have been provided:
Sample exploits have been provided:
Solution / Fix
Nullsoft Winamp MIDI File Processing Denial of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Nullsoft Winamp MIDI File Processing Denial of Service Vulnerability
References:
References: