STE WILLIAMS

Winamp mends trio of old-school security holes

Dec
13

Winamp mends trio of old-school security holes

  • alert
  • print
  • comment
  • tweet

Heap overflow? Winamp? Party like it’s 1999

Free whitepaper – Centre Hospitalier d’Avignon Secures Patient Records

An update to Winamp closes a terrible trio of critical security holes in the popular media player application.

The rather old-school vulnerabilities involve a brace of integer overflow cockups in the in_avi.dll plug-in and a heap-based buffer overflow vulnerability in the in_mod.dll plug-in library. All three flaws create a means to inject hostile code into systems running vulnerable versions of the software, which is developed by Nullsoft, a division of AOL Music. Exploits would involve tricking victims into attempting to play malformed media files.

Users are advised to upgrade to version 5.623 of Winamp media player for Windows, as explained in an advisory by security notification firm Secunia here. More details can be found in a post on Winamp’s forums here. ®

Free whitepaper – IBM System Networking RackSwitch and IBM System Networking solutions

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/13/winamp_update/

Comments

Comments are closed.