Secunia has posted that a nasty, buffer overflow type exploit, was discovered in recent versions of Winamp 5. It is highly recommended that if you are using this software, to head on over to FileForum and snag the update 5.13, which states: Fixed [in_mp3] extremely critical security vulnerability.
Below, you can read an explanation of sorts of the nature of the problem from Secunia:
Description: The vulnerability is caused due to a boundary error during the handling of filenames including a computer name. This can be exploited to cause a buffer overflow via a specially crafted playlist containing a filename starting with an overly long computer name (about 1040 bytes). ADVERTISEMENT
Successful exploitation allows execution of arbitrary code on a user's system when e.g. a malicious website is visited. The vulnerability has been confirmed in version 5.12. Other versions may also be affected. NOTE: An exploit is publicly available. ADVERTISEMENT
Solution: **Update** Solution: Update to version Original Advisory: Please note: The information, which this Secunia Advisory is based upon, comes from third party unless stated otherwise. |
Source: FileForum