Sunday, November 28, 2004
Critical Flaw Found In WinAmp
Posted by Kent Pribbernow in "NEWS" @ 12:00 PM
'Users of America Online Inc.'s Winamp media player are at risk of remote code execution attacks because of a flaw in the software, according to a warning from a security research firm. The flaw, which Secunia rates as "highly critical," has been reported in Winamp versions 5.05 and 5.06. Prior versions also may be affected. Security-Assessment.com, which is credited with finding the vulnerability, said a malicious hacker could cause a buffer overflow in various ways, the most dangerous being through a malformed .m3u playlist file. "When hosted on a Web site, these files will be automatically downloaded and opened in Winamp without any user interaction. This is enough to cause the overflow that would allow a malicious playlist to overwrite EIP and execute arbitrary code," the company said."
Between this and previous news that WinAMP development has ceased, it's not looking good for the once popular and pioneering media player for Windows. :?
Between this and previous news that WinAMP development has ceased, it's not looking good for the once popular and pioneering media player for Windows. :?
