Nullsoft Winamp Midi File Header Handling Client-Side Buffer Overflow Vulnerability
Technical Description



A vulnerability has been identified in Nullsoft Winamp that remote attackers could exploit to take complete control of an affected system. The flaw is a buffer overflow in the "in_midi.dll" library, which does not properly handle malformed MIDI file headers. An attacker could crash a vulnerable application or execute arbitrary commands by convincing a user to visit a malicious web page or open a specially crafted ".mid" file.
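For screening ".mid" files before they reach a player, the following added example (not Nullsoft's code, and not part of the original advisory) runs a bounds-checked structural check on the Standard MIDI File header and its track chunks. The advisory does not say which header field triggers the overflow, so this is a general and deliberately strict validator; the function name, result codes and sample bytes are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes (names are this example's own, not from any library). */
enum { SMF_OK, SMF_TRUNCATED, SMF_BAD_MAGIC, SMF_BAD_HDR_LEN,
       SMF_BAD_FORMAT, SMF_BAD_TRACKS, SMF_BAD_DIVISION, SMF_BAD_CHUNK };

/* Big-endian readers; callers check bounds before calling them. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Validate the MThd header, then walk the declared track chunks. No length
 * field is used before it has been compared with the bytes that remain. */
int smf_check(const uint8_t *buf, size_t len) {
    if (len < 14) return SMF_TRUNCATED;          /* 8-byte chunk header + 6 data bytes */
    if (memcmp(buf, "MThd", 4) != 0) return SMF_BAD_MAGIC;
    if (be32(buf + 4) != 6) return SMF_BAD_HDR_LEN;  /* strict: accept only length 6 */
    uint16_t format = be16(buf + 8), ntrks = be16(buf + 10), division = be16(buf + 12);
    if (format > 2) return SMF_BAD_FORMAT;
    if (ntrks == 0 || (format == 0 && ntrks != 1)) return SMF_BAD_TRACKS;
    if (division == 0) return SMF_BAD_DIVISION;
    size_t off = 14;                             /* invariant: off <= len */
    for (uint16_t i = 0; i < ntrks; i++) {
        if (len - off < 8) return SMF_TRUNCATED;
        if (memcmp(buf + off, "MTrk", 4) != 0) return SMF_BAD_CHUNK; /* strict: no alien chunks */
        uint32_t clen = be32(buf + off + 4);
        off += 8;
        if (clen > len - off) return SMF_BAD_CHUNK;  /* declared length exceeds file */
        off += clen;
    }
    return SMF_OK;
}

/* Constructed samples: a minimal valid file, an implausible header length,
 * and a track chunk that claims more data than the file holds. */
static const uint8_t sample_ok[] = { 'M','T','h','d', 0,0,0,6, 0,0, 0,1, 0,96,
    'M','T','r','k', 0,0,0,4, 0x00,0xFF,0x2F,0x00 };
static const uint8_t sample_bad_len[] = { 'M','T','h','d', 0xFF,0xFF,0xFF,0xFF, 0,0, 0,1, 0,96 };
static const uint8_t sample_bad_chunk[] = { 'M','T','h','d', 0,0,0,6, 0,0, 0,1, 0,96,
    'M','T','r','k', 0,0,1,0, 0x00,0xFF,0x2F,0x00 };

int main(void) {
    printf("%d %d %d\n", smf_check(sample_ok, sizeof sample_ok),
           smf_check(sample_bad_len, sizeof sample_bad_len),
           smf_check(sample_bad_chunk, sizeof sample_bad_chunk));
    return 0;
}
```

A non-zero result is a reason to quarantine the file; a zero result only means the container structure is consistent, not that the file is safe for an unpatched player.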



Affected Products



Nullsoft Winamp version 5.21 and prior



Solution



Upgrade to Nullsoft Winamp version 5.22 or later:

http://www.winamp.com/player/index.php
