Nullsoft · Winamp · CVE-2009-1831
Name of the Vulnerable Software and Affected Versions:
Nullsoft Winamp versions prior to 5.552
Description:
The issue allows remote attackers to execute arbitrary code via a crafted MAKI file. This is due to an incorrect sign extension, an integer overflow, and a stack-based buffer overflow in the Nullsoft Modern Skins Support module (gen ff.dll).
Recommendations:
For versions prior to 5.552, update to version 5.552 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted MAKI files until the update is applied.