Winamp mends trio of old-school security holes
Heap overflow? Winamp? Party like it's 1999
Posted in Software, 13th December 2011 14:02 GMT
An update to Winamp closes a terrible trio of critical security holes in the popular media player application.
The rather old-school vulnerabilities involve a brace of integer overflow cockups in the in_avi.dll plug-in and a heap-based buffer overflow vulnerability in the in_mod.dll plug-in library. All three flaws create a means to inject hostile code into systems running vulnerable versions of the software, which is developed by Nullsoft, a division of AOL Music. Exploits would involve tricking victims into attempting to play malformed media files.
Users are advised to upgrade to version 5.623 of Winamp media player for Windows, as explained in an advisory by security notification firm Secunia here. More details can be found in a post on Winamp's forums here. ®