CVE-2011-3834 - Numeric Errors vulnerability in Nullsoft Winamp

Publication

2011-12-16

Last modification

2017-09-19

Summary

Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow.

Description

Winamp is prone to multiple integer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Solution

Vendor updates are available. Please see the references for details.

Exploit

A working commercial exploit is available through VUPEN Security - Exploit and PoCs Service. This exploit is not otherwise publicly available or known to be circulating in the wild.

Classification

CWE-189 - Numeric Errors

Risk level (CVSS AV:N/AC:M/Au:N/C:C/I:C/A:C)

High

9.3

Access Vector

  • Network

Access Complexity

  • Medium

Authentication

  • None

Confidentiality Impact

  • Complete

Integrity Impact

  • Complete

OVAL definition

{
    "accepted": "2014-04-07T04:01:53.423-04:00",
    "class": "vulnerability",
    "contributors": [
        {
            "name": "Shane Shaffer",
            "organization": "G2, Inc."
        },
        {
            "name": "Shane Shaffer",
            "organization": "G2, Inc."
        },
        {
            "name": "Maria Mikhno",
            "organization": "ALTX-SOFT"
        }
    ],
    "definition_extensions": [
        {
            "comment": "Winamp is installed",
            "oval": "oval:org.mitre.oval:def:6897"
        }
    ],
    "description": "Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow.",
    "family": "windows",
    "id": "oval:org.mitre.oval:def:14981",
    "status": "accepted",
    "submitted": "2012-07-20T09:18:28.692-04:00",
    "title": "Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623",
    "version": "8"
}

Affected Products

Vendor: Nullsoft
Product: Winamp
Versions: 5.51, 5.56, 5.09, 5.54, 5.111, 2.9, 5.33, 5.52, 5.58, 5.02, 5.07, 5.06, 5.32, 2.92, 5.531, 5.23, 5.08C, 2.91, 5.541, 5.552, 1.90, 5.35, 5.05, 5.1, 5.581, 5.0, 2.6, 5.22, 5.34, 5.091, 1.006, 5.551, 5.572, 5.094, 5.11, 5.112, 5.55, 5.53, 5.12, 5.21, 5.093, 5.622, 5.01, 5.08E, 0.20A, 2.10, 5.31, 2.0, 5.57, 0.92, 5.24, 5.03, 5.08D, 2.95, 5.13, 5.04
