Help
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Posted 29 November 2004 - 12:26 PM
If you use any version of WinAmp, you should take these precautions as exploits have been developed that could compromise security. This is rated as “Extremely Critical“ by Secunia.WinAmp - Critical vulnerability with CDA and M3U extensions
http://secunia.com/advisories/13269/
http://www.security-assessment.com/Papers/...er_Overflow.pdf
A new CRITICAL vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the "IN_CDDA.dll" file. This can be exploited in various ways to cause a stack-based buffer overflow e.g. by tricking a user into visiting a malicious web site containing a specially crafted ".m3u" playlist.
Successful exploitation allows execution of arbitrary code. The vulnerability has been reported in version 5.05 and confirmed in version 5.06. Prior versions may also be affected.
Solution: Disassociate ".cda" and ".m3u" extensions from Winamp.
Back to top
