Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

WinAmp - Critical vulnerability


  • Please log in to reply
2 replies to this topic

#1 harrywaldron

harrywaldron

    Security Reporter


  • Members
  • 509 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:08:01 PM

Posted 29 November 2004 - 12:26 PM

Posted ImageIf you use any version of WinAmp, you should take these precautions as exploits have been developed that could compromise security. This is rated as “Extremely Critical“ by Secunia.

WinAmp - Critical vulnerability with CDA and M3U extensions
http://secunia.com/advisories/13269/
http://www.security-assessment.com/Papers/...er_Overflow.pdf

A new CRITICAL vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the "IN_CDDA.dll" file. This can be exploited in various ways to cause a stack-based buffer overflow e.g. by tricking a user into visiting a malicious web site containing a specially crafted ".m3u" playlist.

Successful exploitation allows execution of arbitrary code. The vulnerability has been reported in version 5.05 and confirmed in version 5.06. Prior versions may also be affected.

Solution: Disassociate ".cda" and ".m3u" extensions from Winamp.

BC AdBot (Login to Remove)

 


#2 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:07:01 PM

Posted 03 December 2004 - 02:33 PM

Critical Update - Winamp 5.07

Recommendation: download and install immediately

Lite version:
http://download.nullsoft.com/winamp/client...amp507_lite.exe

Full version:
http://download.nullsoft.com/winamp/client...amp507_full.exe

Pro version:
http://download.nullsoft.com/winamp/client/winamp507_pro.exe

Bundle version:
http://download.nullsoft.com/winamp/client..._silvertide.exe

Edited by cryo, 03 December 2004 - 02:34 PM.

Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image

#3 harrywaldron

harrywaldron

    Security Reporter

  • Topic Starter

  • Members
  • 509 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:08:01 PM

Posted 08 December 2004 - 01:52 PM

Thanks for sharing the availability of new versions to fix this vulnerability




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users