BetaONE will rise again!


 
  #1  
Old 25th Nov 04, 06:00 PM
NewsBot's Avatar
NewsBot NewsBot is offline
Senior Member
 
Join Date: Oct 2004
Posts: 30,940
NewsBot will become famous soon enough
Critical Winamp Vulnerability
Security researchers are warning of a serious - and unfixed - security hole with the popular Winamp media player.

A remotely exploitable stack based buffer overflow creates a means for hackers to take over machines running Winamp- providing they can trick users into running maliciously constructed files. For example, a malformed .m3u playlist file, hosted on a web site, would be automatically downloaded and opened in Winamp without any user interaction. The vulnerability, discovered by pen testers at Security-Assessment.com, arises from a buffer overflow in library file (called IN_CDDA.dll) used by Winamp.

The vulnerability has been reported in version 5.05 and confirmed in version 5.06. Prior versions might also be affected, security firm Secunia warns. A proof of concept exploit was released yesterday by security outfit K-OTik. K-otik advises users to uninstall Winamp or at the very least disassociate .cda and .m3u extensions from Winamp until the bug is fixed.

News source: ieXbeta
Full story: View Here
 


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is On
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Winamp 5.06 NewsBot ieXbeta News 0 19th Nov 04 12:30 PM
Death Knell Sounds for Nullsoft, Winamp NewsBot ieXbeta News 0 11th Nov 04 08:30 PM
Death Knell Sounds for Nullsoft, Winamp NewsBot BetaONE News 0 11th Nov 04 08:30 PM
Vulnerability in Microsoft Proxy Server 2.0 NewsBot NeoWin News 0 10th Nov 04 09:00 AM
Vulnerability hits Java for cell phones NewsBot NeoWin News 0 24th Oct 04 04:00 AM


All times are GMT +1. The time now is 08:42 PM.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.