Zero day exploit exposes Winamp users
Media player hit by buffer overflow flaw
Winamp has published a security update to fix a critical security vulnerability in its media player. The move came afer a security researcher by the nickname of Kozan discovered a flaw in Winamp 5.12 that can be exploited to compromise users' systems. Proof of concept code was published last Sunday. Attackers could exploit the flaw through a specially crafted playlist file. Upon opening the file, the flaw results in a buffer overflow, allowing remote hackers to launch applications and take over control of compromised systems. The vulnerability effectively allows the attacker to turn the computer into a zombie system or steal data from the system's hard drive. Security website Secunia gave the flaw its most severe security rating of "extremely critical". The vulnerability has been confirmed for Winamp version 5.12. The free Winamp media player is owned by America Online. Users launching the application will automatically be prompted to update to version 5.13, an AOL spokesperson told vnunet.com. Alternatively they can download the updated application from the Winamp.com website.
Reproduced from an article published by vnunet.com
© vnunet.com
The original article can be viewed here:
http://www.vnunet.com/vnunet/news/2149446/zero-day-exploit-exposes-winamp
Permalink Bookmark Digg this story
