AfterDawn: Tech news

Critical Winamp security flaw found and fixed

Written by James Delahunty @ 31 Jan 2006 8:21

Another "extremely critical" security flaw has been found in AOL's Winamp digital media player. It relates to how the player handles filenames that include a computer name. The vulnerability "can be exploited to cause a buffer overflow via a specially crafted playlist containing a filename starting with an overly long computer name," according to an advisory by Secunia. An attack can lead to arbitrary code being run on a user's computer. An exploit has already surfaced for the flaw, which affects version 5 of the software.
Winamp users will be happy to know that no time was wasted in fixing this flaw. Winamp v5.13 has been released and all users are advised to update immediately. The exploit was created by ATmaCA and uses a specially crafted playlist (PLS) file to trigger the overflow in the player. The PLS file can simply be loaded remotely through an IFRAME on a Web site.

You can download the latest version of Winamp from: https://www.afterdawn.com/software/audio_software/audio_players/winamp_v5.cfm
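As an added example (not part of the original article and not Winamp or Secunia code), a gateway or file-share scanner could screen playlist files for the condition the advisory describes: a `File` entry whose UNC computer name is implausibly long. The PLS layout and UNC syntax are standard; the function names and the 255-character threshold are assumptions of this sketch, since the article gives no length.

```python
import re

# Assumed limit: a DNS host name cannot exceed 255 bytes, so a longer
# server part in a UNC path is never legitimate. The article does not
# state the length that triggers the overflow.
MAX_HOST_LEN = 255

# PLS entries look like "File1=<path or URL>"; keys are matched case-insensitively.
FILE_ENTRY = re.compile(r"^\s*File(\d+)\s*=\s*(.*?)\s*$", re.IGNORECASE)


def unc_host(path):
    """Return the computer-name part of a UNC path, or None if not UNC."""
    norm = path.replace("/", "\\")  # treat //host/share like \\host\share
    if not norm.startswith("\\\\"):
        return None
    return norm[2:].split("\\", 1)[0]


def scan_pls(text, max_host_len=MAX_HOST_LEN):
    """Return [(entry_number, host_length)] for entries with an oversized host."""
    findings = []
    for line in text.splitlines():
        m = FILE_ENTRY.match(line)
        if not m:
            continue  # section header, Title/Length keys, blank lines
        host = unc_host(m.group(2))
        if host is not None and len(host) > max_host_len:
            findings.append((int(m.group(1)), len(host)))
    return findings


# Constructed sample playlist (not taken from any real exploit file).
SAMPLE_PLS = "\n".join([
    "[playlist]",
    r"File1=C:\Music\track01.mp3",
    r"File2=\\mediaserver\share\track02.mp3",
    "File3=\\\\" + "A" * 300 + "\\share\\track03.mp3",
    "File4=http://example.com/stream.mp3",
    "NumberOfEntries=4",
    "Version=2",
])

if __name__ == "__main__":
    for number, length in scan_pls(SAMPLE_PLS):
        print(f"File{number}: UNC computer name is {length} characters long")
```

A stricter deployment could pass `max_host_len=15` to flag anything longer than a NetBIOS name, at the cost of false positives on fully qualified DNS names.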



Source:
Betanews


5 user comments

Comment 1, 1.2.2006 02:34

I'm glad that they got to it quick but I find it to be a nifty lil trick :)

Comment 2, 1.2.2006 02:49

Might help if you put a little more detail here so ppl know what you're talking about.

Comment 3, 1.2.2006 10:17

@Mr_Taz_UK Mate, this is a comment I made after reading the news article that comes with it; you can find it here: http://www.afterdawn.com/news/archive/7262.cfm After reading the article it will make more sense :)

Comment 4, 2.2.2006 00:31

ah, I'll get my coat. Weird thing is I opened your post in the 'threads without a reply' section and the news article was not with it. One fer the staff here to look at maybe. Soz for the confusion.

Comment 5, 2.2.2006 01:06

No problem mate, well it's always good for the members to find a glitch to help the admin out :) No worries
