BetaONE will rise again!


 
Prev Previous Post   Next Post Next
  #1  
Old 28th Nov 04, 07:00 AM
NewsBot's Avatar
NewsBot NewsBot is offline
Senior Member
 
Join Date: Oct 2004
Posts: 30,858
NewsBot will become famous soon enough
Critical Flaw found in Winamp 5.06 and earlier
Thanks GameGuy21 and matthelmi for this. According to the article on eWeek, a new critical vulnerability, where an attacker could execute arbitary code, has been discovered on the latest version of Winamp. One can only wonder when (if) the patch is going to be released after the original development team has abandonned the player.

Users of America Online Inc.'s Winamp media player are at risk of remote code execution attacks because of a flaw in the software, according to a warning from a security research firm.

The flaw, which Secunia rates as "highly critical," has been reported in Winamp versions 5.05 and 5.06. Prior versions also may be affected.

Security-Assessment.com, which is credited with finding the vulnerability, said a malicious hacker could cause a buffer overflow in various ways, the most dangerous being through a malformed .m3u playlist file.

"When hosted on a Web site, these files will be automatically downloaded and opened in Winamp without any user interaction. This is enough to cause the overflow that would allow a malicious playlist to overwrite EIP and execute arbitrary code," the company said.

The vulnerability exists due to a boundary error in the "IN_CDDA.dll" file," the company said.

View: Read more at eWeek for a suggested temporary solution

News source: Neowin
Full story: View Here
Reply With Quote
 


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is On
Forum Jump


All times are GMT +1. The time now is 05:14 AM.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.