Winamp AVI / IT File Processing Vulnerabilities

Secunia ID	SA46624
CVE-ID	CVE-2012-3889, CVE-2012-3890, CVE-2012-4045
Release Date	21 Jun 2012
Last Change	03 Aug 2012
Criticality	Highly Critical
Solution Status	Vendor Patch
Software	Winamp 5.x
Where	From remote
Impact	System access This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Description	Multiple vulnerabilities have been reported in Winamp, which can be exploited by malicious people to compromise a user's system. 1) An error in bmp.w5s when allocating memory using values from the "strf" chunk to process BI_RGB video data within AVI files can be exploited to cause a heap-based buffer overflow. 2) An error in bmp.w5s when allocating memory using values from the "strf" chunk to process UYVY video data within AVI files can be exploited to cause a heap-based buffer overflow. 3) An error in bmp.w5s when processing decompressed TechSmith Screen Capture Codec (TSCC) data within AVI files can be exploited to cause a heap-based buffer overflow. 4) Some unspecified errors in the in_mod.dll module when processing Impulse Tracker (IT) files can be exploited to corrupt memory. Successful exploitation of the vulnerabilities allows execution of arbitrary code. The vulnerabilities #1 through #3 are confirmed in version 5.622. Other versions may also be affected.
Solution	Update to version 5.63 Build 3234.
Reported by	1 - 3) Hossein Lotfi via Secunia. 4) Jeremy Brown via MSVR.
Original Advisory	Winamp: http://forums.winamp.com/showthread.php?t=345684 MSVR: http://technet.microsoft.com/en-us/security/msvr/msvr12-011

© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.