Lucene search
RootSSV:26049HistoryDec 14, 2011 - 12:00 a.m.
Winamp 5.x 整数溢出漏洞
2011-12-1400:00:00
Root
www.seebug.org
12
EPSS
0.327
Percentile
97.1%
Bugtraq ID: 51015
CVE ID:CVE-2011-3834
Winamp是一款流行的媒体播放器。
Winamp存在多个安全漏洞,允许攻击者以应用程序上下文执行任意代码。
-当使用流头字段数值分配内存时in_avi.dll插件存在整数溢出,通过特制的AVI文件可触发基于堆的缓冲区溢出。
-当使用RIFF INFO块大小值分配内存时in_avi.dll插件存在整数溢出,通过特制的AVI文件可触发基于堆的缓冲区溢出。
-解析Impulse Tracker (IT)文件中歌曲消息数据时in_mod.dll插件存在错误,可被触发基于堆的缓冲区溢出
NullSoft Winamp 5.x
厂商解决方案
NullSoft Winamp 5.623已经修复此漏洞,建议用户下载使用:
http://forums.winamp.com/showthread.php?t=332010
Related
securityvulns
securityvulns
WinAmp integer overflows
2011-12-12 00:00:00
Secunia Research: Winamp AVI Parsing Two Integer Overflow Vulnerabilities
2011-12-12 00:00:00
prion
prion
Integer overflow
2011-12-16 19:55:00
cvelist
cvelist
CVE-2011-3834
2011-12-16 19:00:00
checkpoint_advisories
checkpoint_advisories
Nullsoft Winamp RIFF INFO Record Heap Buffer Overflow (CVE-2011-3834)
2012-05-14 00:00:00
Nullsoft Winamp AVI Stream Count Integer Overflow (CVE-2011-3834)
2012-04-16 00:00:00
Nullsoft Winamp RIFF INFO Record Heap Buffer Overflow - Ver2 (CVE-2011-3834)
2014-03-31 00:00:00
nessus
nessus
Winamp < 5.623 Multiple Integer Overflows
2011-12-21 00:00:00
nvd
nvd
CVE-2011-3834
2011-12-16 19:55:00
cve
cve
CVE-2011-3834
2011-12-16 19:55:00
seebug
seebug
Winamp 5.x 多个整数溢出漏洞
2011-12-24 00:00:00
openvas
openvas
Winamp AVI And IT Files Parsing Buffer Overflow Vulnerabilities
2011-12-22 00:00:00
Winamp AVI And IT Files Parsing Buffer Overflow Vulnerabilities
2011-12-22 00:00:00