Winamp Heap Overflow Vulnerability

Zitat

Description:
NGSSoftware has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the "in_mod.dll" plugin when loading Fasttracker 2 (".xm") media files. This can be exploited to cause a heap overflow by e.g. tricking a user into visiting a malicious website.

Successful exploitation allows execution of arbitrary code on a user's system.

The vulnerability reportedly affects versions 2.91 through 5.02. Prior versions may also be affected.


Solution:
Update to version 5.03.
http://www.winamp.com/player/

Disable support for Fasttracker 2 media files.


Provided and/or discovered by:
Peter Winter-Smith, NGSSoftware.


Original Advisory:
http://www.nextgenss.com/advisories/winampheap.txt