AfterDawn: Tech news

Critical Winamp security flaw found and fixed

Written by James Delahunty @ 31 Jan 2006 8:21

Another "extremely critical" security flaw has been found in AOL's Winamp digital media player. It relates to how the player handles filenames that include a computer name. The vulnerability "can be exploited to cause a buffer overflow via a specially crafted playlist containing a filename starting with an overly long computer name," according to an advisory by Secunia. An attack can lead to arbitrary code being run on a user's computer. An exploit has already surfaced for the flaw, which affects version 5 of the software.
Winamp users will be happy to know that no time was wasted in fixing this flaw. Winamp v5.13 has been released and all users are advised to update immediately. The exploit was created by ATmaCA, and uses a specially crafted playlist (PLS) file to trigger the overflow in the player. The PLS file can simply be loaded remotely through an IFRAME on a Web site.

You can download the latest version of Winamp from: https://www.afterdawn.com/software/audio_software/audio_players/winamp_v5.cfm



Source:
Betanews

5 user comments

#1, 1.2.2006 02:34

I'm glad that they got to it quick but I find it to be a nifty lil trick :)

#2, 1.2.2006 02:49

Might help if you put a little more detail here so ppl know what you're talking about.

#3, 1.2.2006 10:17

@Mr_Taz_UK Mate, this is a comment I made after reading the news article that comes with it; u can find it here: http://www.afterdawn.com/news/archive/7262.cfm After reading the article it will make more sense :)

#4, 2.2.2006 00:31

Ah, I'll get my coat. Weird thing is I opened your post in the 'threads without a reply' section and the news article was not with it. One fer the staff here to look at maybe. Soz for the confusion.

#5, 2.2.2006 01:06

No problem mate, well it's always good for the members to find a glitch to help the admin out :) No worries
