Winamp (5.61 - 5.623) Audio Video Interleave (AVI) Multiple Denial of Service Vulnerabilities

Winamp (5.61 - 5.623) Audio Video Interleave (AVI) Multiple Denial of Service Vulnerabilities fuzzing, security, blackbox, tests, winamp.exe, DoS, AVI Winamp (5.61 - 5.623) Audio Video Interleave (AVI) Multiple Denial of Service Vulnerabilities FMA-2011-008 Winamp 5.623 http://www.winamp.com winamp.exe 5.6.2.3199 AD7ADADC77482FCB855B279CA0204E2A in_avi.dll Original 4BA77D39DA74EB0D1102952D20711975 in_avi.dll First fixes 0EE7B79222D4BD269B476FC0F1AC31E0 Windows XP SP3 Home Edition Windows XP SP3 Professional Edition Windows 7 SP1 Home Premium 2011.03.27 2012.03.26 2012.07.10 Denial of Service during processing malformed AVI sample, caused by null pointer dereference in in_avi.dll module at address 0x075A40F1. DoS Access violation exception is caused by reading DWORD value from null pointer. Access violation exception when reading. 075A40EE 8B47 04 MOV EAX,DWORD PTR DS:[EDI+4] 075A40F1 8B40 14 MOV EAX,DWORD PTR DS:[EAX+14] ; null pointer dereference 075A40F4 8945 EC MOV DWORD PTR SS:[EBP-14],EAX 075A40F7 8D4D EC LEA ECX,DWORD PTR SS:[EBP-14] 075A40FA B8 74E35A07 MOV EAX,in_avi_1.075AE374 075A40FF E8 67090000 CALL in_avi_1.075A4A6B image01s.png 100 61 image01.png Access violation exception when reading Access violation exception when reading Denial of Service during processing malformed AVI sample, caused by integer division by zero in in_avi.dll module at address 0x075A89D4. DoS Integer division by zero. Integer division by zero. 075A89CA 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+14] ; ECX == 0 075A89CE 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+10] ; EAX == 0 075A89D2 33D2 XOR EDX,EDX ; EDX == 0 075A89D4 F7F1 DIV ECX ; Integer division by zero image02s.png 100 61 image02.png Integer division by zero exception Integer division by zero exception Denial of Service during processing malformed AVI sample, caused by integer division by zero in in_avi.dll module at address 0x018289F4. DoS FuzzMyApp received fixed version of in_avi.dll plugin for verification purposes. After a quick fuzzing of the new plugin, we came up with new vulnerable samples. The new sample was a copy of previous vulnerability: Denial of Service during processing malformed AVI sample, caused by integer division by zero in in_avi.dll module at address 0x075A89D4. Integer division by zero exception 018289EA 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+14] ; ECX == 0 018289EE 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+10] ; EAX == 0 018289F2 33D2 XOR EDX,EDX ; EDX == 0 018289F4 F7F1 DIV ECX ; Integer division by zero image03s.png 100 74 image03.png Integer division by zero exception Integer division by zero exception