| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 21 Dec 2010 07:56:24 +0200
From: Henri Lindberg <henri+lists@...nse.fi>
To: bugtraq@...urityfocus.com
Subject: nSense-2010-005: Winamp
nSense Vulnerability Research Security Advisory NSENSE-2010-005
---------------------------------------------------------------
Affected Vendor: Nullsoft
Affected Product: Winamp 5.581 (possibly older versions)
Platform: Windows
Impact: Local code execution
Vendor response: Patch
CVE: CVE-2010-4370
CVSS2: 9.3 - (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Credit: JODE
Technical details
---------------------------------------------------------------
A MIDI file format parsing vulnerability exists in the in_midi
plugin and can be exploited with a specially crafted input
file. The plugin suffers from an integer wrapping flaw which
leads to a heap overflow.
If an attacker is able to entice the user to open a malicious
file, successful exploitation leads to code being executed in
the context of the logged in user.
Solution
Upgrade to 5.6 or later.
More information
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4370
http://forums.winamp.com/showthread.php?threadid=159785
Timeline:
November 18th Contacted vendor
November 18th Vendor responded
November 24th More information sent to vendor
December 1st Vendor released the fix
December 20th Advisory released
Links:
http://www.nsense.fi http://www.nsense.dk
$$s$$$$s. ,s$$$$s ,S$$$$$s. $$s$$$$s. ,s$$$$s ,S$$$$$s.
$$$ `$$$ ($$( $$$ `$$$ $$$ `$$$ ($$( $$$ `$$$
$$$ $$$ `^$$s. $$$$$$$$$ $$$ $$$ `^$$s. $$$$$$$$$
$$$ $$$ )$$) $$$ $$$ $$$ )$$) $$$
$$$ $$$ ^$$$$$$7 `7$$$$$P $$$ $$$ ^$$$$$$7 `7$$$$$P
D r i v e n b y t h e c h a l l e n g e _
Powered by blists - more mailing lists