Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream.
Vector
NETWORK
Complexity
MEDIUM
Authentication
NONE
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE
Nullsoft Winamp 5.552
Nullsoft Winamp 5.551
Nullsoft Winamp 5.541
Nullsoft Winamp 5.531
Nullsoft Winamp 5.112
Nullsoft Winamp 5.111
Nullsoft Winamp 5.094
Nullsoft Winamp 5.093
Nullsoft Winamp 5.091
Nullsoft Winamp 5.58
Nullsoft Winamp 5.57
Nullsoft Winamp 5.56
Nullsoft Winamp 5.55
Nullsoft Winamp 5.54
Nullsoft Winamp 5.53
Nullsoft Winamp 5.52
Nullsoft Winamp 5.51
Nullsoft Winamp 5.36
Nullsoft Winamp 5.35
Nullsoft Winamp 5.34
Nullsoft Winamp 5.33
Nullsoft Winamp 5.32
Nullsoft Winamp 5.31
Nullsoft Winamp 5.24
Nullsoft Winamp 5.23
Nullsoft Winamp 5.22
Nullsoft Winamp 5.21
Nullsoft Winamp 5.13
Nullsoft Winamp 5.12
Nullsoft Winamp 5.11
Nullsoft Winamp 5.09
Nullsoft Winamp 5.08e
Nullsoft Winamp 5.08d
Nullsoft Winamp 5.08c
Nullsoft Winamp 5.08 E (not an official CPE)
Nullsoft Winamp 5.08 D (not an official CPE)
Nullsoft Winamp 5.08 C (not an official CPE)
Nullsoft Winamp 5.08 (not an official CPE)
Nullsoft Winamp 5.07
Nullsoft Winamp 5.06
Nullsoft Winamp 5.5
Nullsoft Winamp 5.04
Nullsoft Winamp 5.03a (not an official CPE)
Nullsoft Winamp 5.03
Nullsoft Winamp 5.02
Nullsoft Winamp 5.1 Surround Edition
Nullsoft Winamp 5.01
Nullsoft Winamp 5.0.2 (not an official CPE)
Nullsoft Winamp 5.0.1 (not an official CPE)
Nullsoft Winamp 5.0
Nullsoft Winamp 3.1 (not an official CPE)
Nullsoft Winamp 3.0 (not an official CPE)
Nullsoft Winamp 2.95
Nullsoft Winamp 2.92
Nullsoft Winamp 2.91
Nullsoft Winamp 2.90 (not an official CPE)
Nullsoft Winamp 2.81 (not an official CPE)
Nullsoft Winamp 2.80 (not an official CPE)
Nullsoft Winamp 2.79 (not an official CPE)
Nullsoft Winamp 2.78 (not an official CPE)
Nullsoft Winamp 2.77 (not an official CPE)
Nullsoft Winamp 2.76 (not an official CPE)
Nullsoft Winamp 2.75 (not an official CPE)
Nullsoft Winamp 2.74 (not an official CPE)
Nullsoft Winamp 2.73 Full (not an official CPE)
Nullsoft Winamp 2.73 (not an official CPE)
Nullsoft Winamp 2.72 (not an official CPE)
Nullsoft Winamp 2.71 (not an official CPE)
Nullsoft Winamp 2.70 Full (not an official CPE)
Nullsoft Winamp 2.70 (not an official CPE)
Nullsoft Winamp 2.65 (not an official CPE)
Nullsoft Winamp 2.64 Standard (not an official CPE)
Nullsoft Winamp 2.64 (not an official CPE)
Nullsoft Winamp 2.62 Standard (not an official CPE)
Nullsoft Winamp 2.62 (not an official CPE)
Nullsoft Winamp 2.61 Full (not an official CPE)
Nullsoft Winamp 2.61 (not an official CPE)
Nullsoft Winamp 2.60 Lite (not an official CPE)
Nullsoft Winamp 2.60 Full (not an official CPE)
Nullsoft Winamp 2.60 (not an official CPE)
Nullsoft Winamp 2.50 (not an official CPE)
Nullsoft Winamp 2.24 (not an official CPE)
Nullsoft Winamp 2.10
Nullsoft Winamp 2.9
Nullsoft Winamp 2.7x (not an official CPE)
Nullsoft Winamp 2.6x (not an official CPE)
Nullsoft Winamp 2.6
Nullsoft Winamp 2.5e (not an official CPE)
Nullsoft Winamp 2.4 (not an official CPE)
Nullsoft Winamp 2.0
Nullsoft Winamp 1.90
Nullsoft Winamp 1.006
Nullsoft Winamp 0.92
Nullsoft Winamp 0.20a
Nullsoft Winamp 5.572
Nullsoft Winamp 5.581
| Advisory | Patch | Confirmed | Link |
|---|---|---|---|
| 20101027 Secunia Research: Winamp VP6 Content Parsing Bu... | |||
| 44466 | |||
| http://forums.winamp.com/showthread.php?t=322995 |
Improper Restriction of Operations within the Bounds of a Memory Buffer (ID 119)
Related CAPEC 11
Buffer Overflow via Environment Variables (CAPEC-ID 10)
Overflow Buffers (CAPEC-ID 100)
Client-side Injection-induced Buffer Overflow (CAPEC-ID 14)
Filter Failure through Buffer Overflow (CAPEC-ID 24)
MIME Conversion (CAPEC-ID 42)
Overflow Binary Resource File (CAPEC-ID 44)
Buffer Overflow via Symbolic Links (CAPEC-ID 45)
Overflow Variables and Tags (CAPEC-ID 46)
Buffer Overflow via Parameter Expansion (CAPEC-ID 47)
Buffer Overflow in an API Call (CAPEC-ID 8)
Buffer Overflow in Local Command-Line Utilities (CAPEC-ID 9)