Critical Flaw found in Winamp 5.06 and earlier

Discussion in 'Software Q&A' started by svk, Nov 28, 2004.

Thread Status:
Not open for further replies.
  1. svk

    svk New Member

    Joined:
    Sep 17, 2004
    Messages:
    125
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Cochin
    According to the article on eWeek, a new critical vulnerability, where an attacker could execute arbitary code, has been discovered on the latest version of Winamp. One can only wonder when (if) the patch is going to be released after the original development team has abandonned the player.

    Users of America Online Inc.'s Winamp media player are at risk of remote code execution attacks because of a flaw in the software, according to a warning from a security research firm.

    The flaw, which Secunia rates as "highly critical," has been reported in Winamp versions 5.05 and 5.06. Prior versions also may be affected.

    Security-Assessment.com, which is credited with finding the vulnerability, said a malicious hacker could cause a buffer overflow in various ways, the most dangerous being through a malformed .m3u playlist file.

    "When hosted on a Web site, these files will be automatically downloaded and opened in Winamp without any user interaction. This is enough to cause the overflow that would allow a malicious playlist to overwrite EIP and execute arbitrary code," the company said.

    The vulnerability exists due to a boundary error in the "IN_CDDA.dll" file," the company said.

    source :http://www.eweek.com/article2/0,1759,1731923,00.asp
     
  2. go4inet

    go4inet New Member

    Joined:
    Feb 18, 2004
    Messages:
    300
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Chennai
    Hey Svk ?

    Wats the problem with u ? This is a old news and ur posting it now ?
    And please reduce your spam post, they are becomingg higher everyday ! This was released some 5 days back man !
     
  3. OP
    OP
    svk

    svk New Member

    Joined:
    Sep 17, 2004
    Messages:
    125
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    Cochin
    was it an old new? sorry dude , never knew it. sorry 4 the message. i wasnt spamming. i thought it as an good topic.
     
Thread Status:
Not open for further replies.

Share This Page