Remote code execution in Winamp

Published: 2018-01-09

Risk	High
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2017-10728
CWE-ID	CWE-119
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Winamp Client/Desktop applications / Multimedia software
Vendor	Nullsoft

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Memory corruption

EUVDB-ID: #VU12818

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-10728

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to boundary error. A remote attacker can trick the victim into opening a specially crafted .flv file, related to "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d", trigger memory corruption and cause the service to crash or execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Winamp: 5.666 Build 3516

CPE2.3

cpe:2.3:a:nullsoft:winamp:5.666 Build 3516:*:*:*:*:*:*:*

External links

https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10728

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.