Heap-Based Buffer Overflow in Winamp Affects Multiple Versions
CVE-2012-4045

Currently unrated

Key Information:

Vendor: Nullsoft
Status: Winamp
Vendor: CVE Published:; 22 July 2012

What is CVE-2012-4045?

Multiple heap-based buffer overflows exist in the bmp.w5s component of Winamp prior to version 5.63 build 3235. These vulnerabilities enable remote attackers to execute arbitrary code by crafting specific AVI files containing strf chunks in BI_RGB format, UYVY video data, or decompressed TechSmith Screen Capture Codec (TSCC) data. Successful exploitation can lead to unauthorized access and control over affected systems.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://forums.winamp.com/showthread.php?t=345684

x_refsource_CONFIRM

http://secunia.com/advisories/46624

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2012
Vulnerability Reserved
Jul 22, 2012

Nullsoft

What is CVE-2012-4045?

References

Timeline