All the latest UK technology news, reviews and analysis

Hackers exploit critical Winamp flaw

by Robert Jaques

26 Nov 2004

Be the first to comment

  • Tweet this

IT security experts have uncovered a critical vulnerability in the popular Winamp media player, which could be exploited by hackers to compromise a user's system.

Security expert Brett Moore, from Security-Assessment.com, published an advisory detailing the flaw. "The vulnerability is caused due to a boundary error in the 'IN_CDDA.dll' file," it stated.

Further reading

"This can be exploited in various ways to cause a stack-based buffer overflow, e.g. by tricking a user into visiting a malicious website containing a specially crafted '.m3u' playlist."

Yesterday the threat level of the flaw was raised to 'critical' after the discovery of a hacker exploit which takes advantage of the vulnerability. Successful exploitation allows execution of arbitrary code, said Moore.

The vulnerability has been reported in version 5.05 and confirmed in version 5.06. Prior versions may also be affected, according to Moore, and the flaw has not been fixed in Winamp version 5.06 contrary to vendor statements.

The best workaround for the hundred of thousands of users of the media player is to disassociate '.cda' and '.m3u' extensions from Winamp.

Do you agree?

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

Concept image of broken USB representing a data leak

Nuclear watchdog loses USB containing data on power plant in Hartlepool

Related white papers

Related articles

Related jobs

Today's top stories

Microsoft Windows 8 start screen

Top 10 Microsoft Windows 8 features to be excited about

Barclays Pingit Application in use on an iPhone

Barclays launches Pingit mobile payment service for iPhone, Android and BlackBerry

V3 reporter Dan Worth

World-changing CERN experiments highlight humanity’s intrinsic curiosity

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

99%

0%

1%

0%

0%

Features

V3 reporter Dan Worth

World-changing CERN experiments highlight humanity’s intrinsic curiosity

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

Open Source Developer, Betting Exchange, London

Skills: Open Source, C, C++, Java, Python, SQL, Developer...

Flash Developer, Front-end Developer, Developer

ActionScript 3, Flex, Javascript, HTML, CSS, XML My...

Hadoop Data Mining Research Developer - London

My client is a real-time advertising and content 'start...

C++ UNIX Developer, Financial Services, London

C++, UNIX, Multithreading My client is a leading software...

To send to more than one email address, simply separate each address with a comma.