Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:DL:MAL-AIFF

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Malformed AIFF File

Release Date

 2010/10/04

Update Number

 1784

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Malformed AIFF File


This signature detects attempts to exploit a known vulnerability in the AIFF file format. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the client application.

Extended Description

Winamp is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. Versions up to and including Winamp 5.541 are vulnerable.

Affected Products

  • NullSoft Winamp 2.10.0
  • NullSoft Winamp 2.24.0
  • NullSoft Winamp 2.4.0
  • NullSoft Winamp 2.50.0
  • NullSoft Winamp 2.5.0 e
  • NullSoft Winamp 2.5.0 E
  • NullSoft Winamp 2.60.0 (full)
  • NullSoft Winamp 2.60.0 (lite)
  • NullSoft Winamp 2.6.0 4
  • NullSoft Winamp 2.61.0 (full)
  • NullSoft Winamp 2.62.0 (standard)
  • NullSoft Winamp 2.64.0 (standard)
  • NullSoft Winamp 2.65.0
  • NullSoft Winamp 2.70.0
  • NullSoft Winamp 2.70.0 (full)
  • NullSoft Winamp 2.71.0
  • NullSoft Winamp 2.72.0
  • NullSoft Winamp 2.73.0
  • NullSoft Winamp 2.73.0 (full)
  • NullSoft Winamp 2.74.0
  • NullSoft Winamp 2.75.0
  • NullSoft Winamp 2.76.0
  • NullSoft Winamp 2.77.0
  • NullSoft Winamp 2.78.0
  • NullSoft Winamp 2.79.0
  • NullSoft Winamp 2.80.0
  • NullSoft Winamp 2.81.0
  • NullSoft Winamp 2.91.0
  • NullSoft Winamp 3.0.0
  • NullSoft Winamp 3.1.0
  • NullSoft Winamp 5.0.0 1
  • NullSoft Winamp 5.0.0 2
  • NullSoft Winamp 5.0.0 3
  • NullSoft Winamp 5.0.0 3A
  • NullSoft Winamp 5.0.0 4
  • NullSoft Winamp 5.0.0 5
  • NullSoft Winamp 5.0.0 6
  • NullSoft Winamp 5.0.0 7
  • NullSoft Winamp 5.0.0 8
  • NullSoft Winamp 5.0.0 8C
  • NullSoft Winamp 5.0.0 9
  • NullSoft Winamp 5.0.0 91
  • NullSoft Winamp 5.094
  • NullSoft Winamp 5.11
  • NullSoft Winamp 5.12
  • NullSoft Winamp 5.13
  • NullSoft Winamp 5.2
  • NullSoft Winamp 5.21
  • NullSoft Winamp 5.22
  • NullSoft Winamp 5.24
  • NullSoft Winamp 5.3
  • NullSoft Winamp 5.31
  • NullSoft Winamp 5.3.2
  • NullSoft Winamp 5.33
  • NullSoft Winamp 5.34
  • NullSoft Winamp 5.34A
  • NullSoft Winamp 5.35
  • NullSoft Winamp 5.5
  • NullSoft Winamp 5.51
  • NullSoft Winamp 5.52
  • NullSoft Winamp 5.54
  • NullSoft Winamp 5.541

References

  • BugTraq: 33226
  • CVE: CVE-2009-0263

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out