Via SourceFire VRT -
About two months ago, we found a vulnerability in the Winamp 5.55 MAKI script parsing module. We reported our findings to AOL. AOL then released Winamp version 5.552 with the fix. Here are the details:
Winamp MAKI Parsing Integer Overflow Vulnerability
Vendor:
AOL/Nullsoft
Severity:
High
Systems Affected:
Winamp 5.55 and prior versions that support Modern Skins.
Overview:
A vulnerability exists in Winamp. The vulnerability is due to an incorrect type cast while parsing a .maki file (a compiled script file), causing a buffer overflow. An attacker could provide a user with a modern skin (via a webpage download for example) that uses the maki script to execute arbitrary code within the context of the current user.
--------------------------
PoC Exploit = http://www.milw0rm.com/exploits/8767
No comments:
Post a Comment