Intrusion Prevention

Multiple.Media.Player.MIDI.File.DoS

Description

This indicates an attack attempt to exploit a Denial of Service vulnerability in multiple media player applications.
The vulnerability is due to an error when the vulnerable software handles a maliciously crafted MIDI file. A remote attacker may be able to exploit this to cause a denial of service condition on the affected system.

Affected Products

K-Lite Mega Codec Pack 5.8
NullSoft Winamp 5.0 91
NullSoft Winamp 5.0 9
NullSoft Winamp 5.0 8c
NullSoft Winamp 5.0 8
NullSoft Winamp 5.0 7
NullSoft Winamp 5.0 6
NullSoft Winamp 5.0 5
NullSoft Winamp 5.0 4
NullSoft Winamp 5.0 3a
NullSoft Winamp 5.0 3
NullSoft Winamp 5.0 2
NullSoft Winamp 5.0 1
NullSoft Winamp 5.31
NullSoft Winamp 5.3
NullSoft Winamp 5.24
NullSoft Winamp 5.22
NullSoft Winamp 5.21
NullSoft Winamp 5.2
NullSoft Winamp 5.13
NullSoft Winamp 5.12
NullSoft Winamp 5.11
NullSoft Winamp 5.094
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows XP Professional SP2
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Home SP2
Microsoft Windows Media Player 10.0
Microsoft Windows Media Player 6.4
Microsoft Windows Explorer 0
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Advanced Server SP4

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.

CVE References

CVE-2008-4927