BetaONE will rise again!

BetaONE will rise again! (http:\\b1.hcanet.com\forum/index.php)
-   ieXbeta News (http:\\b1.hcanet.com\forum/forumdisplay.php?f=7)
-   -   Critical Winamp Vulnerability (http:\\b1.hcanet.com\forum/showthread.php?t=14728)

NewsBot 25th Nov 04 05:00 PM
Critical Winamp Vulnerability
 
Security researchers are warning of a serious - and unfixed - security hole with the popular Winamp media player.

A remotely exploitable stack based buffer overflow creates a means for hackers to take over machines running Winamp- providing they can trick users into running maliciously constructed files. For example, a malformed .m3u playlist file, hosted on a web site, would be automatically downloaded and opened in Winamp without any user interaction. The vulnerability, discovered by pen testers at Security-Assessment.com, arises from a buffer overflow in library file (called IN_CDDA.dll) used by Winamp.

The vulnerability has been reported in version 5.05 and confirmed in version 5.06. Prior versions might also be affected, security firm Secunia warns. A proof of concept exploit was released yesterday by security outfit K-OTik. K-otik advises users to uninstall Winamp or at the very least disassociate .cda and .m3u extensions from Winamp until the bug is fixed.

News source: ieXbeta
Full story: View Here


All times are GMT +1. The time now is 05:01 AM.

Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.