IT security experts have uncovered a critical vulnerability in the popular Winamp media player, which could be exploited by hackers to compromise a user's system.
Security expert Brett Moore, from Security-Assessment.com, published an advisory detailing the flaw. "The vulnerability is caused due to a boundary error in the 'IN_CDDA.dll' file," it stated.
"This can be exploited in various ways to cause a stack-based buffer overflow, e.g. by tricking a user into visiting a malicious website containing a specially crafted '.m3u' playlist."
Yesterday the threat level of the flaw was raised to 'critical' after the discovery of a hacker exploit which takes advantage of the vulnerability. Successful exploitation allows execution of arbitrary code, said Moore.
The vulnerability has been reported in version 5.05 and confirmed in version 5.06. Prior versions may also be affected, according to Moore, and the flaw has not been fixed in Winamp version 5.06 contrary to vendor statements.
The best workaround for the hundred of thousands of users of the media player is to disassociate '.cda' and '.m3u' extensions from Winamp.
BT wants to make the public switched telephone network history within eight years
Personal data being purloined by third parties via Facebook Login API
MacOS and iOS are better off apart, says CEO Tim Cook
Or they'll no longer be entitled to updates and bug patches