Multiple vulnerabilities have been discovered in Winamp, which can be exploited by malicious people to compromise a user's system.

1) An integer underflow error when processing System Exclusive (SysEx) MIDI messages can be exploited to cause a heap-based buffer overflow via a specially crafted MIDI file.

2) An integer underflow error in vp6.w5s when parsing media files encoded with the On2 TrueMotion VP6 codec where the "version" field value is greater than 8 can be exploited to cause a heap-based buffer overflow via a specially crafted FLV file.

3) An error in vp6.w5s when parsing screen dimensions can be exploited to corrupt memory via a specially crafted NSV file.

4) An error in in_mod.dll can be exploited to corrupt memory via a specially crafted IT file.

5) An error in in_midi.dll when handling "Controller" messages with invalid controller numbers can be exploited to cause a stack-based buffer overflow via a specially crafted MIDI file.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities is confirmed in version 5.61. Other versions may also be affected.

Solution
Update to version 5.62.

Provided and/or discovered by
1) Alexander Gavrun
2-5) Luigi Auriemma

Changelog
Further details available to Secunia VIM customers

Original Advisory
Winamp:
http://forums.winamp.com/showthread.php?s=&threadid=159785

Alexander Gavrun:
http://0x1byte.blogspot.com/2011/05/winamp-inmidi-component-heap-overflow.html

Luigi Auriemma:
http://aluigi.altervista.org/adv/winamp_2-adv.txt
http://aluigi.altervista.org/adv/winamp_3-adv.txt

Deep Links
Links available to Secunia VIM customers