
MP3 users warned about security threat

by Jo Ticehurst

12 Jan 2000


Internet users downloading MP3 music files have been warned about a security hole in a popular MP3 player that could let a hacker execute harmful code on their system.

According to security company Panda Software, the vulnerability in the Nullsoft Winamp 2.10 player is a stack overflow error that can be triggered by files with the PLS extension.

These files are used by Winamp to store playlists and are often exchanged among Internet Relay Chat (IRC) users so that they can check out tracks before receiving an MP3 file.

The overflow is produced by including more than 580 bytes after the 'FileN=' tag, which makes it possible to include more code that will be run on the user's system when the malformed PLS file is opened. This code may include any kind of destructive action.

Panda said it considered the security hole to be "serious" and that Winamp is currently one of the most widely used audio players available for Windows 95, 98 and NT platforms.

The company recommended that users not open PLS files from unknown sources and that they upgrade their players to the latest available version, which is currently 2.50.
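As an added illustration (not part of the original article, and not code from Panda Software or Nullsoft), the following sketch screens a PLS playlist before it is opened by flagging any 'FileN=' entry longer than the 580 bytes the article reports. The function names and the sample playlists are hypothetical and constructed for this example.

```python
import re

# Threshold taken from the article: more than 580 bytes after 'FileN='.
MAX_ENTRY_BYTES = 580

# 'File1=', 'File2=', ... at the start of a line. Matching keys without regard
# to case is an assumption made here to keep the check conservative.
FILE_KEY = re.compile(rb"^\s*(File\d+)=(.*)$", re.IGNORECASE)


def scan_pls(data: bytes, limit: int = MAX_ENTRY_BYTES):
    """Return (line_number, key, value_length) for each oversized FileN entry.

    The input is handled as raw bytes: the reported limit is a byte count,
    and a malformed file may not decode as text at all.
    """
    findings = []
    # Split on LF and strip a trailing CR so CRLF and LF files behave alike.
    for lineno, raw in enumerate(data.split(b"\n"), start=1):
        match = FILE_KEY.match(raw.rstrip(b"\r"))
        if match is None:
            continue
        key, value = match.group(1), match.group(2)
        if len(value) > limit:
            findings.append((lineno, key.decode("ascii"), len(value)))
    return findings


def is_suspicious(data: bytes) -> bool:
    """True if any FileN entry exceeds the limit."""
    return bool(scan_pls(data))


# Constructed sample playlists (not real files).
BENIGN = b"[playlist]\r\nNumberOfEntries=1\r\nFile1=C:\\music\\track01.mp3\r\n"
OVERSIZED = b"[playlist]\r\nNumberOfEntries=1\r\nFile1=" + b"A" * 600 + b"\r\n"

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(name, scan_pls(sample))
```

A length check of this kind only screens for the malformed entry the article describes; upgrading the player, as Panda recommends, remains the fix.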

Neil Barrett, technical director at security company Information Risk Management, commented: "A large percentage of security holes that have been discovered in the last decade have been buffer overflow, which is what this is. Arbitrary code is dangerous as commands execute as if they are the user."

He added: "We always tell users not to open attachments if they come from somewhere they don't recognise. The problem with MP3 is that it's not always easy to work out where it's from, and given how easy it is to spoof email you have to be doubly careful."

Nullsoft failed to respond to vnunet.com's requests for comment.
