Description
The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value.
Product(s):
- Nullsoft Winamp 2.81
- Nullsoft Winamp 2.91
- Nullsoft Winamp 3.0
- Nullsoft Winamp 3.1
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2003-0765, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2003-0765 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.