Winamp Security Vulnerability. Upgrade immediately!

The geek forum. PHP, Perl, HTML, hardware questions etc.. it's all in here. Got a techie question? We'll sort you out. Ask your questions or post a link to your own site here!

Winamp Security Vulnerability. Upgrade immediately!

Postby Mithrandir » Wed Feb 01, 2006 3:33 pm

Hey all,
Looks like winamp has a bug in it. If you don't upgrade, a malicious website could feed winamp a nasty file, giving a remote user access to your computer. Take the advice here and upgrade to 5.13. You can do so at:
http://www.winamp.com/player/

Regards,
Mith


PS: Here's the advisory for anyone interested.


cert wrote: National Cyber Alert System

Technical Cyber Security Alert TA06-032A


Winamp Playlist Buffer Overflow

Original release date: February 1, 2006
Last revised: --
Source: US-CERT


Systems Affected

Microsoft Windows systems with Winamp 5.12 or earlier


Overview

America Online has released Winamp 5.13 to correct a buffer overflow
vulnerability. Exploitation of this vulnerability could allow a remote
attacker to execute arbitrary code with the privileges of the user.


I. Description

Winamp is a media player that is commonly used to play MP3 files.
Winamp 5.13 resolves a buffer overflow vulnerability in how playlist
files are handled. Details are available in the following
Vulnerability Note:

VU#604745 - Winamp fails to properly handle playlists with long
computer names

Winamp contains a buffer overflow vulnerability when processing a
playlist that specifies a long computer name. This may allow a remote
unauthenticated attacker to execute arbitrary code on a vulnerable
system.


II. Impact

By convincing a user to open a specially crafted playlist file, a
remote unauthenticated attacker may be able to execute arbitrary code
with the privileges of the user. Winamp may open a playlist file
without any user interaction as the result of viewing a web page or
other HTML document.


III. Solution

Upgrade

Upgrade to Winamp 5.13.
User avatar
Mithrandir
 
Posts: 11071
Joined: Fri Jun 27, 2003 12:00 pm
Location: You will be baked. And then there will be cake.

Postby Slater » Wed Feb 01, 2006 3:54 pm

doh, they're on to me!
Image
User avatar
Slater
 
Posts: 2671
Joined: Sat May 22, 2004 10:00 am
Location: Pacifica, Caliphornia

Postby Da Rabid Duckie » Wed Feb 01, 2006 4:57 pm

Ooh, thank you VERY much for posting that. *installs it*
Da Rabid Duckie -- Taking Over Your Country In Three Posts Or Less.

Join the Proud Nation of Temuoplis! Koei, Temuoplis!

Law of Japanese Animation #11 (Law of Inherent Combustibility)
Everything explodes. Everything.

In both real life and video games,
anything can be solved through the mass application of explosives. -- The Duck


Da Rabid Duckie, concerning Gypsy wrote:Gypsy doesn't realize this, but she's ditching whomever she's with and we're getting married. Uh huh. Yeah. Lil bro Zilch can be the best man, it'll be an explosive ceremony. Everyone is invited! We'll serve poutine at the reception, Straylight can DJ, and Shatterheart can start a mosh pit!
Gypsy, in acceptance wrote:Explosives and poutine? Alright!
Hey... she said it... :p
User avatar
Da Rabid Duckie
 
Posts: 524
Joined: Tue Feb 10, 2004 3:47 pm
Location: Oxford, MS

Postby ShiroiHikari » Wed Feb 01, 2006 4:59 pm

Upgraded! Thanks.
fightin' in the eighties
User avatar
ShiroiHikari
 
Posts: 7564
Joined: Wed May 28, 2003 12:00 pm
Location: Somewhere between 1983 and 1989

Postby TheMelodyMaker » Wed Feb 01, 2006 7:49 pm

Would this apply to someone who still uses 2.91 and has "No Internet connection available" in the options? :sweat:
[color=RoyalBlue]@)}~`,~ [/color]Carry this rose in your signature as thanks to Inkhana, for all she has done for us in the past.Even though she is no longer a moderator, she has done an awful lot for us while she was and she deserves thanks. ^_^
TheMelodyMaker
 
Posts: 1904
Joined: Sun Jul 20, 2003 10:13 pm


Return to Computing and Links

Who is online

Users browsing this forum: No registered users and 207 guests