nSense Vulnerability Research Security Advisory NSENSE-2010-005
---------------------------------------------------------------

Affected Vendor:    Nullsoft
Affected Product:   Winamp 5.581 (possibly older versions)
Platform:           Windows
Impact:             Local code execution
Vendor response:    Patch
CVE:                CVE-2010-4370
CVSS2:              9.3 - (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Credit:             JODE

Technical details
---------------------------------------------------------------
A MIDI file format parsing vulnerability exists in the in_midi
plugin and can be exploited with a specially crafted input file.
The plugin suffers from an integer wrapping flaw which leads to a
heap overflow. If an attacker is able to entice the user to open a
malicious file, successful exploitation leads to code being
executed in the context of the logged-in user.

Solution
Upgrade to 5.6 or later.

More information
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4370
http://forums.winamp.com/showthread.php?threadid=159785

Timeline:
November 18th   Contacted vendor
November 18th   Vendor responded
November 24th   More information sent to vendor
December 1st    Vendor released the fix
December 20th   Advisory released

Links:
http://www.nsense.fi
http://www.nsense.dk
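The bug class named under Technical details (an integer wrap in a size calculation that leads to an undersized heap buffer), shown on a Standard MIDI File chunk header next to a checked reader. This is an added illustration, not in_midi code; the advisory does not say where in the plugin the wrap occurs, and the function names, the `len + 1` calculation and the sample bytes are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* SMF chunk header: 4-byte tag followed by a 32-bit big-endian length. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Flawed pattern: 32-bit arithmetic on a length taken from the file.
   For len = 0xFFFFFFFF the result wraps to 0, so the allocation is tiny
   while a later copy still trusts len. Returns the size requested. */
uint32_t wrapped_alloc_size(uint32_t len) {
    return len + 1u;                       /* wraps modulo 2^32 */
}

/* Checked pattern: compare the declared length with the bytes actually
   left in the file before any arithmetic or allocation.
   Returns 0 on success (caller frees *out), -1 on a malformed chunk. */
int read_chunk(const uint8_t *buf, size_t buf_len, size_t off,
               uint8_t **out, uint32_t *out_len) {
    if (off > buf_len || buf_len - off < 8) return -1;  /* no room for header */
    uint32_t len = be32(buf + off + 4);
    size_t remaining = buf_len - off - 8;
    if (len > remaining) return -1;        /* declared length exceeds file */
    uint8_t *data = malloc((size_t)len + 1); /* len <= remaining, cannot wrap */
    if (!data) return -1;
    memcpy(data, buf + off + 8, len);
    data[len] = 0;
    *out = data;
    *out_len = len;
    return 0;
}

/* Constructed samples: a well-formed MTrk chunk and one with a bogus length. */
static const uint8_t SAMPLE_OK[]  = {'M','T','r','k', 0,0,0,4, 0x00,0xFF,0x2F,0x00};
static const uint8_t SAMPLE_BAD[] = {'M','T','r','k', 0xFF,0xFF,0xFF,0xFF, 0,0,0,0};

int main(void) {
    uint8_t *d = NULL; uint32_t n = 0;
    printf("wrapped size for 0xFFFFFFFF: %u\n", (unsigned)wrapped_alloc_size(be32(SAMPLE_BAD + 4)));
    printf("bad chunk  -> %d\n", read_chunk(SAMPLE_BAD, sizeof SAMPLE_BAD, 0, &d, &n));
    int rc = read_chunk(SAMPLE_OK, sizeof SAMPLE_OK, 0, &d, &n);
    printf("good chunk -> %d (len %u)\n", rc, (unsigned)n);
    if (rc == 0) free(d);
    return 0;
}
```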