CVE-2011-3834

Name of the Vulnerable Software and Affected Versions Winamp versions prior to 5.623

Description The issue is caused by multiple integer overflows in the in avi.dll plugin, which can be exploited by remote attackers via an AVI file with crafted values for the number of streams or the size of the RIFF INFO chunk, leading to a heap-based buffer overflow. This allows attackers to execute arbitrary code.

Recommendations For versions prior to 5.623, update to version 5.623 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the in avi.dll plugin until a patch is applied. Restrict access to AVI files from untrusted sources to minimize the risk of exploitation.