Signature Detail

APP: Nullsoft Winamp RIFF INFO Record Heap Buffer Overflow

This signature detects attempts to exploit a known vulnerability against Nullsoft Winamp. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.

Extended Description

Winamp is prone to multiple integer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Affected Products

• NullSoft Winamp 5.0.0 1
• NullSoft Winamp 5.0.0 2
• NullSoft Winamp 5.0.0 3
• NullSoft Winamp 5.0.0 3A
• NullSoft Winamp 5.0.0 4
• NullSoft Winamp 5.0.0 5
• NullSoft Winamp 5.0.0 6
• NullSoft Winamp 5.0.0 7
• NullSoft Winamp 5.0.0 8
• NullSoft Winamp 5.0.0 8C
• NullSoft Winamp 5.0.0 9
• NullSoft Winamp 5.0.0 91
• NullSoft Winamp 5.094
• NullSoft Winamp 5.11
• NullSoft Winamp 5.12
• NullSoft Winamp 5.13
• NullSoft Winamp 5.2
• NullSoft Winamp 5.21
• NullSoft Winamp 5.22
• NullSoft Winamp 5.24
• NullSoft Winamp 5.3
• NullSoft Winamp 5.31
• NullSoft Winamp 5.3.2
• NullSoft Winamp 5.33
• NullSoft Winamp 5.34
• NullSoft Winamp 5.34A
• NullSoft Winamp 5.35
• NullSoft Winamp 5.5
• NullSoft Winamp 5.51
• NullSoft Winamp 5.52
• NullSoft Winamp 5.54
• NullSoft Winamp 5.541
• NullSoft Winamp 5.55
• NullSoft Winamp 5.552
• NullSoft Winamp 5.56
• NullSoft Winamp 5.6
• NullSoft Winamp 5.601
• NullSoft Winamp 5.61
• NullSoft Winamp 5.6.1
• NullSoft Winamp 5.621
• NullSoft Winamp 5.622

References

• BugTraq: 51015
• CVE: CVE-2011-3834
• URL: http://forums.winamp.com/showthread.php?t=332010