Winamp security flaw poses new threat

By Derek Sooman on
We are all used to IE getting a monthly new security bug found, but Winamp? In fact, this is not the first security flaw found in the application. Apparently, users of the media playing application are at risk of remote code execution attacks because of a flaw in the software, which makes it possible for an attacker to cause a buffer overflow in various ways, the most dangerous being through a malformed .m3u playlist file.

"When hosted on a Web site, these files will be automatically downloaded and opened in Winamp without any user interaction. This is enough to cause the overflow that would allow a malicious playlist to overwrite EIP and execute arbitrary code." - Security-Assessment.com.

This comes at a time when the future of Winamp is uncertain, and only a skeleton team remain, performing maintenance tasks on the application, and little else.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.