Critical Flaw found in Winamp 5.06 and earlier

Status
Not open for further replies.

svk

Journeyman
According to the article on eWeek, a new critical vulnerability, where an attacker could execute arbitary code, has been discovered on the latest version of Winamp. One can only wonder when (if) the patch is going to be released after the original development team has abandonned the player.

Users of America Online Inc.'s Winamp media player are at risk of remote code execution attacks because of a flaw in the software, according to a warning from a security research firm.

The flaw, which Secunia rates as "highly critical," has been reported in Winamp versions 5.05 and 5.06. Prior versions also may be affected.

Security-Assessment.com, which is credited with finding the vulnerability, said a malicious hacker could cause a buffer overflow in various ways, the most dangerous being through a malformed .m3u playlist file.

"When hosted on a Web site, these files will be automatically downloaded and opened in Winamp without any user interaction. This is enough to cause the overflow that would allow a malicious playlist to overwrite EIP and execute arbitrary code," the company said.

The vulnerability exists due to a boundary error in the "IN_CDDA.dll" file," the company said.

source :*www.eweek.com/article2/0,1759,1731923,00.asp
 

go4inet

In the zone
Hey Svk ?

Wats the problem with u ? This is a old news and ur posting it now ?
And please reduce your spam post, they are becomingg higher everyday ! This was released some 5 days back man !
 
OP
S

svk

Journeyman
was it an old new? sorry dude , never knew it. sorry 4 the message. i wasnt spamming. i thought it as an good topic.
 
Status
Not open for further replies.
Top Bottom