Flaw discovered in Winamp
Getting regular updates of flaws in Windows Operating System is nothing new. Microsoft releases their fair share of patches for Internet Explorer quiet so frequently. However, another hugely popular application Winamp is the victim of a security glitch now.
Winamp users are at risk of remote code execution attacks as per reports from the security firm Secunia which rates the problem as highly critical. The reported versions affected are Winamp 5.05 and 5.06. However, older version also might be affected by it.
The company Security-Assessment.com that found the problem reports: “When hosted on a Web site, these files will be automatically downloaded and opened in Winamp without any user interaction. This is enough to cause the overflow that would allow a malicious playlist to overwrite EIP and execute arbitrary code. The vulnerability exists due to a boundary error in the IN_CDDA.dll file.”
Winamp is no longer under active development at AOL’s Nullsoft division with most of the original developers having left the project. Nevertheless, a bug this critical might get AOL to take notice and get an update released in the coming days. In the time being, users can prevent any potential risk by disassociating cda and m3u extensions from Winamp
|
TechWhack on Facebook
|
This website uses IntenseDebate comments, but they are not currently loaded because either your browser doesn't support JavaScript, or they didn't load fast enough.