Winamp in_mod.dll buffer overflow
|winamp-inmod-bo (15727)||High Risk|
Nullsoft Winamp is vulnerable to a heap-based buffer overflow in the ntdll.RtlAllocateHeap function, caused by improper bounds checking in the in_mod.dll plug-in. By creating a specially-crafted media file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
Upgrade to the latest version of Winamp (5.03 or later), available from the Winamp Web site. See References.
- NGSSoftware Insight Security Research Advisory #NISR05042004: Nullsoft Winamp 'in_mod.dll' Heap Overflow.
- Winamp Web site: WINAMP.COM | Doing our best to keep the spirit of Bam Bam Bigalow alive..
- BID-10045: NullSoft Winamp in_mod.dll Plug-in Heap Overflow Vulnerability
- CVE-2004-1896: Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file.
- OSVDB ID: 4944: Winamp Fasttracker 2 Plug-In in_mod.dll Overflow
- SA11285: Winamp "in_mod.dll" Heap Overflow Vulnerability
- SECTRACK ID: 1009660: Winamp Fasttracker 2 File `in_mod.dll` Heap Overflow Lets Remote Users Execute Arbitrary Code
- Nullsoft Winamp 2.91 - 5.02
Apr 05, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this