English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Winamp AVI / IT File Processing Vulnerabilities


Secunia ID

SA46624

CVE-ID

CVE-2012-3889, CVE-2012-3890, CVE-2012-4045

Release Date

21 Jun 2012

Last Change

03 Aug 2012

Criticality

Highly Critical

Solution Status

Vendor Patch

Software

Winamp 5.x

Where

From remote

Impact
System access

This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

Description

Multiple vulnerabilities have been reported in Winamp, which can be exploited by malicious people to compromise a user's system.

1) An error in bmp.w5s when allocating memory using values from the "strf" chunk to process BI_RGB video data within AVI files can be exploited to cause a heap-based buffer overflow.

2) An error in bmp.w5s when allocating memory using values from the "strf" chunk to process UYVY video data within AVI files can be exploited to cause a heap-based buffer overflow.

3) An error in bmp.w5s when processing decompressed TechSmith Screen Capture Codec (TSCC) data within AVI files can be exploited to cause a heap-based buffer overflow.

4) Some unspecified errors in the in_mod.dll module when processing Impulse Tracker (IT) files can be exploited to corrupt memory.

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

The vulnerabilities #1 through #3 are confirmed in version 5.622. Other versions may also be affected.

Solution

Update to version 5.63 Build 3234.

Reported by

1 - 3) Hossein Lotfi via Secunia.
4) Jeremy Brown via MSVR.

Original Advisory

Winamp:
http://forums.winamp.com/showthread.php?t=345684

MSVR:
http://technet.microsoft.com/en-us/security/msvr/msvr12-011