Winamp blighted by bug brace
Print storyLament over Ultravox vuln
Posted in Security, 21st January 2008 15:49 GMT
Webcast: Building Applications for the 21st Century
A brace of bugs in Winamp pose a serious security risk for users of the popular media player package, security watchers warn.
The buffer overflow-related flaws in Winamp 5.x create a means for hackers to take over vulnerable systems. Flaws in a library (in_mp3.dll) involved in parsing Ultravox streaming metadata open up the door to abuse, security notification firm Secunia warns. "These boundary errors can be exploited to cause stack-based buffer overflows via overly long '<artist>' and '<name>' tag values in the <metadata> section," it explains.
Secunia, whose researchers discovered the bugs, adds that successful exploitation allows the execution of arbitrary code. The vulnerabilities have been confirmed in versions 5.21, 5.5, and 5.51 of Winamp. Other versions may also be affected.
Users are advised to upgrade to Winamp version 5.52. Winamp is developed by Nullsoft, a subsidiary of AOL Music. ®
The Register Guide to Extended Validation
LDAP Injection [3-2APZ1KL]
Preventing Google Hacking [3-2APYMGU]
Web application security [3-2APYM3X]
Building Web Application Security into Your Development Process [3-2APYMBV]
Inmate hacked prison network, broke into employee database
Miscreants hijacking machines via (freshly patched) Adobe flaw
Martial law planned for Craigslist's red-light district
Cocaine addicted IT manager hacks ex-employer's mail servers