0 Members and 1 Guest are viewing this topic.
The rather old-school vulnerabilities involve a brace of integer overflow cockups in the in_avi.dll plug-in and a heap-based buffer overflow vulnerability in the in_mod.dll plug-in library. All three flaws create a means to inject hostile code into systems running vulnerable versions of the software, which is developed by Nullsoft, a division of AOL Music. Exploits would involve tricking victims into attempting to play malformed media files.