CVE-2014-3442 – Winamp - '.flv' File Processing Memory Corruption
https://notcve.org/view.php?id=CVE-2014-3442
Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s. Winamp 5.666 y anteriores permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída) a través de un archivo .FLV malformado, relacionado con f263.w5s. WinAMP versions 5.666 build 3516 and below suffer from a memory corruption vulnerability. • https://www.exploit-db.com/exploits/39180 http://packetstormsecurity.com/files/126636 http://www.securityfocus.com/bid/67429 https://exchange.xforce.ibmcloud.com/vulnerabilities/93173 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-4694 – Winamp 5.63 - Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-4694
Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk. Desbordamiento de buffer basado en pila en gen_jumpex.dll en Winamp anterior a 5.64 Build 3418 permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un paquete con un nombre de directorio Skin largo. NOTA: un segundo desbordamiento de buffer involucrando un campo de búsqueda GUI largo hacia ml_local.dll fue también reportado. • https://www.exploit-db.com/exploits/26558 https://www.exploit-db.com/exploits/27874 http://forums.winamp.com/showthread.php?t=364291 http://osvdb.org/94739 http://osvdb.org/94740 http://packetstormsecurity.com/files/122239/WinAmp-5.63-Buffer-Overflow.html http://packetstormsecurity.com/files/122978 http://seclists.org/fulldisclosure/2013/Jul/4 http://www.exploit-db.com/exploits/26558 http://www.securityfocus.com/bid/60883 http://www.securitytracker.com/id/1030107 https: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-4045
https://notcve.org/view.php?id=CVE-2012-4045
Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file. Múltiples desbordamientos de bufer basado en bmp.w5s en Winamp v5.63 anterior a build 3235, permite a atacantes remotos ejecutar código arbitrario a través de la porción (1) STRF en BI_RGB o (2) los datos de vídeo UYVY en un archivo AVI, o (3) descomprime TechSmith captura de Pantalla Codec (TSCC) de datos en un archivo AVI. • http://forums.winamp.com/showthread.php?t=345684 http://secunia.com/advisories/46624 http://www.securityfocus.com/bid/54131 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15335 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-3890
https://notcve.org/view.php?id=CVE-2012-3890
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file. El plug-in in_mod en Winamp antes de v5.63 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria dinamica 'heap') o posiblemente tener un impacto no especificado a través de un fichero .IT. • http://forums.winamp.com/showthread.php?t=345684 http://secunia.com/advisories/46624 http://www.securityfocus.com/bid/54131 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15553 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-3889
https://notcve.org/view.php?id=CVE-2012-3889
The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file. El plug-in in_mod de Winamp antes de v5.63 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de un fichero .IT. • http://forums.winamp.com/showthread.php?t=345684 http://secunia.com/advisories/46624 http://www.securityfocus.com/bid/54131 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14748 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •