AfterDawn: News

Critical Winamp security flaw found and fixed

Another "extremely critical" security flaw has been found in AOL's Winamp digital media player. It relates to how the player handles filenames that include a computer name. The vulnerability "can be exploited to cause a buffer overflow via a specially crafted playlist containing a filename starting with an overly long computer name," according to an advisory by Secunia. An attack can lead to arbitrary code being run on a user's computer. An exploit has already surfaced for the flaw, which affects version 5 of the software.

Winamp users will be happy to know that there was no time wasted in fixing this flaw. Winamp v5.13 has been released and all users are advised to update immediately. The exploit was created by ATmaCA, and uses a specially crafted playlist file to overflow the player. The PLS file can simply be loaded remotely through an IFRAME on a Web site.



You can download the latest version of Winamp from: https://www.afterdawn.com/software/audio_software/audio_players/winamp_v5.cfm

Source:
Betanews

Written by: James Delahunty @ 31 Jan 2006 20:21

• Previous article

• Los Angeles sues Take-Two Interactive

• Next article

• UK software pirates targeted

• 5 comments

• borhan9

  Im glad that they got to it quick but i find it too be a nifty lil trick :)

  1.2.2006 02:34 #1

• Mr_Taz_UK

  Might help if you put a little more detiail here so ppl know what your talking about.
  

  
  Welcome - For New Users http://forums.afterdawn.com/thread_view.cfm/183136
  Please try a search before posting http://forums.afterdawn.com/search/
  Join us live online here http://adbuddies.ccsau.com/chat/index.html
  

  1.2.2006 02:49 #2

• borhan9

  @Mr_Taz_UK
  
  Mate this is a comment i made after reading the news article that comes with it u can find it here.
  
  http://www.afterdawn.com/news/archive/7262.cfm
  
  After reading the article it will make more sense :)
  

  "THE MEDIOCRE TEACHER TELLS.
  THE GOOD TEACHER EXPLAINS.
  THE SUPERIOR TEACHER DEMONSTRATES.
  THE GREAT TEACHER INSPIRES."
  
  -"William Arthur Ward"
  
  Ace
  
  Scuba Pete's Guide http://www.dvdplusvideo.com/tutorial007.html
  bbmayo's Guide http://home.comcast.net/~bbmayo/index.html
  The Best Search Engine http://www.google.com.au

  1.2.2006 10:17 #3

• Mr_Taz_UK

  ah, I'll get my coat.
  
  Weird thing is i opened your post in the 'threads without a reply' section and the news article was not with it. One fer the staff here to look ay maybe.
  
  Soz for the confusion.

  2.2.2006 00:31 #4

• borhan9

  No problem mate, well its always good for the members to find a glitch to help the admin out :)
  
  No Worries

  2.2.2006 01:06 #5