Critical

CVE-2011-3834 - Numeric Errors vulnerability in Nullsoft Winamp

Publication: 2011-12-16

Summary

Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow.

Classification
CWE-189: Numeric Errors

Risk level (CVSS 9.3)

Critical

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Nullsoft Winamp 0.20a
  • Nullsoft Winamp 5.08e
  • Nullsoft Winamp 0.92
  • Nullsoft Winamp 1.006
  • Nullsoft Winamp 1.90
  • Nullsoft Winamp 2.0
  • Nullsoft Winamp 2.6
  • Nullsoft Winamp 2.9
  • Nullsoft Winamp 2.10
  • Nullsoft Winamp 2.91
  • Nullsoft Winamp 2.92
  • Nullsoft Winamp 2.95
  • Nullsoft Winamp 5.0
  • Nullsoft Winamp 5.01
  • Nullsoft Winamp 5.1
  • Nullsoft Winamp 5.02
  • Nullsoft Winamp 5.03
  • Nullsoft Winamp 5.04
  • Nullsoft Winamp 5.05
  • Nullsoft Winamp 5.06
  • Nullsoft Winamp 5.07
  • Nullsoft Winamp 5.09
  • Nullsoft Winamp 5.11
  • Nullsoft Winamp 5.12
  • Nullsoft Winamp 5.13
  • Nullsoft Winamp 5.21
  • Nullsoft Winamp 5.08c
  • Nullsoft Winamp 5.08d
  • Nullsoft Winamp 5.22
  • Nullsoft Winamp 5.23
  • Nullsoft Winamp 5.24
  • Nullsoft Winamp 5.31
  • Nullsoft Winamp 5.32
  • Nullsoft Winamp 5.33
  • Nullsoft Winamp 5.34
  • Nullsoft Winamp 5.35
  • Nullsoft Winamp 5.51
  • Nullsoft Winamp 5.52
  • Nullsoft Winamp 5.53
  • Nullsoft Winamp 5.54
  • Nullsoft Winamp 5.55
  • Nullsoft Winamp 5.56
  • Nullsoft Winamp 5.57
  • Nullsoft Winamp 5.58
  • Nullsoft Winamp 5.091
  • Nullsoft Winamp 5.093
  • Nullsoft Winamp 5.094
  • Nullsoft Winamp 5.111
  • Nullsoft Winamp 5.112
  • Nullsoft Winamp 5.531
  • Nullsoft Winamp 5.541
  • Nullsoft Winamp 5.551
  • Nullsoft Winamp 5.552
  • Nullsoft Winamp 5.572
  • Nullsoft Winamp 5.581
  • Nullsoft Winamp 5.622