Release DateDec 30, 2011 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems |
DescriptionThis indicates an attack attempt to exploit one of multiple Integer Overflow vulnerabilities in Nullsoft Winamp.The vulnerability is due to an error when the vulnerable software handles a maliciously crafted .AVI file with a malformed chunk structure or stream value. As a result, a remote attacker may be able to execute arbitrary code within the context of the application, via a crafted AVI file. |
Affected ProductsNullsoft Winamp 5.622 and earlier versions |
Recommended ActionsApply patch available from the website.http://forums.winamp.com/showthread.php?t=332010 |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2011-3834 |
