Critical Winamp security flaw found and fixed

Written by James Delahunty @ 31 Jan 2006 8:21 User comments (5)

Another "extremely critical" security flaw has been found in AOL's Winamp digital media player. It relates to how the player handles filenames that include a computer name. The vulnerability "can be exploited to cause a buffer overflow via a specially crafted playlist containing a filename starting with an overly long computer name," according to an advisory by Secunia. An attack can lead to arbitrary code being run on a user's computer. An exploit has already surfaced for the flaw, which affects version 5 of the software.

Winamp users will be happy to know that there was no time wasted in fixing this flaw. Winamp v5.13 has been released and all users are advised to update immediately. The exploit was created by ATmaCA, and uses a specially crafted playlist file to overflow the player. The PLS file can simply be loaded remotely through an IFRAME on a Web site.

You can download the latest version of Winamp from: https://www.afterdawn.com/software/audio_software/audio_players/winamp_v5.cfm

Source:
Betanews

<Los Angeles sues Take-Two Interactive >UK software pirates targeted

5 user comments

11.2.2006 02:34

borhan9

Send private message to this user

AfterDawn Addict

Im glad that they got to it quick but i find it too be a nifty lil trick :)

21.2.2006 02:49

Mr_Taz_UK

Send private message to this user

Senior Member

Might help if you put a little more detiail here so ppl know what your talking about.

31.2.2006 10:17

borhan9

Send private message to this user

AfterDawn Addict

@Mr_Taz_UK Mate this is a comment i made after reading the news article that comes with it u can find it here. http://www.afterdawn.com/news/archive/7262.cfm After reading the article it will make more sense :)

42.2.2006 00:31

Mr_Taz_UK

Send private message to this user

Senior Member

ah, I'll get my coat. Weird thing is i opened your post in the 'threads without a reply' section and the news article was not with it. One fer the staff here to look ay maybe. Soz for the confusion.

52.2.2006 01:06

borhan9

Send private message to this user

AfterDawn Addict

No problem mate, well its always good for the members to find a glitch to help the admin out :) No Worries

Comments have been disabled for this article.

	Android 16 will launch sooner than expected (01 Nov 2024 6:45) Google announced that upcoming Android 16 will break the traditional once-a-year cycle of major Android launches. Next Android is poised to launch in Q2 of 2025, so Android 16 should ship before end of June, 2025.
	Winamp ends its "open source" project that wasn't really open source (20 Oct 2024 11:12) Less than a month after the legendary MP3 player Winamp made its source code public, the company has made a sudden U-turn and removed its code from distribution. 2 user comments
	Winamp released its source code - but didn't go open source (25 Sep 2024 12:38) The source code of Winamp has now been officially released. However, it hasn't become a pure open-source project, as its licensing terms prohibit the creation of new, different versions.
	Does your phone rattle? Here's why it happens (25 Aug 2024 8:30) When you shake your phone and hear a light rattle, clatter, or jingle, it's likely not broken. The culprit is probably the optical image stabilization (OIS) system in your phone's camera, meaning everything is functioning as it should. 2 user comments
	CEO of Messaging App Telegram Arrested in France (25 Aug 2024 7:12) French authorities have detained Pavel Durov, CEO of the messaging service Telegram, amidst an ongoing investigation to determine whether Telegram moderates its platform adequately. 1 user comment

	Does your phone rattle? Here's why it happens When you shake your phone and hear a light rattle, clatter, or jingle, it's likely not broken. The culprit is probably the optical image stabilization (OIS) system in your phone's camera, meaning everything is functioning as it should. 2 user comments
	Guide: Phone battery drains quickly - how to fix (iPhone / Android) In this guide, we go through the most typical reasons for rapid battery drain with phones, and look at potential reasons or solutions.
	What happens if you don't update Android? Sometimes it can be tempting to avoid updating to a new Android version. What happens if you decide to delay major updates to the OS?
	What IP rating for dust and water resistance means An IP classification (such as IP68) is given to mobile phones, Bluetooth speakers, and other devices, but what do these classifications mean? 1 user comment
	Guide: Is Your Wi-Fi Sluggish or Slow? Here's How to Fix Do you have problems with you Wi-Fi? Slow connection or is it cutting off constantly? This guide aims to remedy these problems. 1 user comment

Critical Winamp security flaw found and fixed

5 user comments

Latest news

Reviews

Guides

News archive

Subscribe

Sections:

Follow us:

	Roborock S8 MaxV Ultra review - obstacle avoidance doesn't work as it should, otherwise almost perfect robot vacuum We put the Roborock S8 MaxV Ultra through a very, very long review process. The $1800 mopping robot vacuum is almost perfect, but its obstacle avoidance was surprisingly bad, considering the price - and compared to its competitors.
	Sharge x OnePlus Pouch review: Beautiful power bank that supports SuperVOOC charging In our review, we take a look at Sharge's power bank that supports OnePlus SuperVOOC quick charging technology as well as standard USB PD charging. It has small design flaws, but despite those, the Pouch is very nice product. 1 user comment
	Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets Roomba Combo j7+ is the very first Roomba model to combine robot vacuum with mopping features. And Roomba Combo j7+ does all that with a very clever trick, which tackles the problem with mopping and carpets. But is it any good? We found out.