Serious security hole patched in Winamp version 5.13

Secunia has posted that a nasty, buffer overflow type exploit, was discovered in recent versions of Winamp 5. It is highly recommended that if you are using this software, to head on over to FileForum and snag the update 5.13, which states: Fixed [in_mp3] extremely critical security vulnerability.

Below, you can read an explanation of sorts of the nature of the problem from Secunia:

Description:
ATmaCA has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to a boundary error during the handling of filenames including a computer name. This can be exploited to cause a buffer overflow via a specially crafted playlist containing a filename starting with an overly long computer name (about 1040 bytes).

Successful exploitation allows execution of arbitrary code on a user’s system when e.g. a malicious website is visited.

The vulnerability has been confirmed in version 5.12. Other versions may also be affected.

NOTE: An exploit is publicly available.


Solution:                      
Use another product.


**Update** Solution: Update to version
5.13.

Provided and/or discovered by:
ATmaCA

Original Advisory:
http://milw0rm.com/id.php?id=1458

Please note: The information, which this Secunia Advisory is based upon, comes from third party unless stated otherwise.

 

Source: FileForum