Winamp Security Vulnerability. Upgrade immediately!

Posted: Wed Feb 01, 2006 3:33 pm
by Mithrandir
Hey all,
Looks like Winamp has a bug in it. If you don't upgrade, a malicious website could feed Winamp a nasty file, giving a remote user access to your computer. Take the advice here and upgrade to 5.13. You can do so at:
http://www.winamp.com/player/

Regards,
Mith


PS: Here's the advisory for anyone interested.


cert wrote:

National Cyber Alert System

Technical Cyber Security Alert TA06-032A


Winamp Playlist Buffer Overflow

Original release date: February 1, 2006
Last revised: --
Source: US-CERT


Systems Affected

Microsoft Windows systems with Winamp 5.12 or earlier


Overview

America Online has released Winamp 5.13 to correct a buffer overflow
vulnerability. Exploitation of this vulnerability could allow a remote
attacker to execute arbitrary code with the privileges of the user.


I. Description

Winamp is a media player that is commonly used to play MP3 files.
Winamp 5.13 resolves a buffer overflow vulnerability in how playlist
files are handled. Details are available in the following
Vulnerability Note:

VU#604745 - Winamp fails to properly handle playlists with long
computer names

Winamp contains a buffer overflow vulnerability when processing a
playlist that specifies a long computer name. This may allow a remote
unauthenticated attacker to execute arbitrary code on a vulnerable
system.


II. Impact

By convincing a user to open a specially crafted playlist file, a
remote unauthenticated attacker may be able to execute arbitrary code
with the privileges of the user. Winamp may open a playlist file
without any user interaction as the result of viewing a web page or
other HTML document.


III. Solution

Upgrade

Upgrade to Winamp 5.13.
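
An added example, not part of the original post or the US-CERT advisory: a triage script that flags playlist entries whose computer name is implausibly long, for checking saved or downloaded playlists on machines that have not been upgraded yet. It assumes the computer name is the first component of a UNC path in `.pls` or `.m3u` entries and uses a 255-character threshold; neither detail comes from the advisory.

```python
import re

# Assumption: 255 characters is the longest valid full DNS host name, so it is
# used as the triage threshold. The advisory itself states no length.
MAX_HOST_LEN = 255
# Assumption: the computer name is the first component of a UNC path
# (\\computer\share\file); forward slashes are accepted as well.
UNC_HOST = re.compile(r"^[\\/]{2}([^\\/]*)")
PLS_FILE = re.compile(r"File\d+", re.IGNORECASE)
PLS_META = re.compile(r"(Title|Length)\d+|NumberOfEntries|Version", re.IGNORECASE)


def entry_paths(text):
    """Yield (line_number, path) for every media entry in playlist text."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#[":
            continue  # blank line, .m3u comment/directive, or [playlist] header
        key, sep, value = line.partition("=")
        key = key.strip()
        if sep and PLS_FILE.fullmatch(key):
            yield lineno, value.strip()  # .pls "FileN=path" entry
        elif sep and PLS_META.fullmatch(key):
            continue  # .pls metadata, carries no path
        else:
            yield lineno, line  # bare .m3u path or URL


def scan_playlist(text, max_host_len=MAX_HOST_LEN):
    """Return [(line_number, name_length)] for over-long computer names."""
    findings = []
    for lineno, path in entry_paths(text):
        match = UNC_HOST.match(path)
        if match and len(match.group(1)) > max_host_len:
            findings.append((lineno, len(match.group(1))))
    return findings


# Constructed sample playlist (not taken from any real file).
SAMPLE = "\n".join([
    "[playlist]",
    r"File1=\\mediabox\music\track01.mp3",
    "Title1=Track 1",
    "File2=\\\\" + "h" * 300 + r"\share\track02.mp3",
    "NumberOfEntries=2",
])

if __name__ == "__main__":
    for lineno, length in scan_playlist(SAMPLE):
        print(f"line {lineno}: computer name is {length} characters long")
```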

Posted: Wed Feb 01, 2006 3:54 pm
by Slater
doh, they're on to me!

Posted: Wed Feb 01, 2006 4:57 pm
by Da Rabid Duckie
Ooh, thank you VERY much for posting that. *installs it*

Posted: Wed Feb 01, 2006 4:59 pm
by ShiroiHikari
Upgraded! Thanks.

Posted: Wed Feb 01, 2006 7:49 pm
by TheMelodyMaker
Would this apply to someone who still uses 2.91 and has "No Internet connection available" in the options? :sweat: