Feeds

WinAmp's ‘malicious MP3’ vuln

All you need is an upgrade

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Users of NullSoft's popular WinAmp player should upgrade to version 2.80 (available here) to avoid a vulnerability reported on the BugTraq mailing list by Swedish security researcher Andreas Sandblad and confirmed by the company.

What we have here is a buffer overflow condition which can be exploited, with some difficulty, by using the ID3v2 tag which contains information about the audio file, such as artist, title, images, etc. It can also contain quite a bit more than that. Indeed, it can contain a separate file and can be as much as 256MB in total size.

WinAmp parses the tag's contents, and of course manipulation here is limited to what the parser is designed to accomplish. There's a lot that can't be done with this rig -- and there's probably a lot that isn't known about what can be done -- but do know that if the mini-browser is enabled, a malformed URL can cause a buffer overflow.

"If the mini-browser is enabled, Winamp will try to query a script on info.winamp.com for extra information about the song, based on data from the ID3v2 tag. The buffer overflow condition occurs when the URL string intended to be sent to the minibrowser is created. That means the buffer overflow occurs before any actual Internet connection to info.winamp.com is made," Sandblad says.

Creating the actual condition is fairly straightforward, but exploiting it isn't quite so easy. However it is possible to get to a memory address where considerable mischief can be done. This would include infecting other MP3 files on a drive or a network share. How long the blackhat development community will take to produce a handy exploitation tool is anyone's guess, but generally speaking they catch on very fast. Obviously it wouldn't hurt to upgrade from 2.79 to 2.80, since doing so is free and, we hope, painless. In lieu of that, a simple workaround is to disable the mini-browser.

Personally, I'd do both if I were using the product. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.