[ news_security_news ]
Winamp Zero-Day Exploit
John Stith
Staff Writer
2006-01-31
 Insider Reports RSS Feed
Hackers cracked the new Winamp in record time as AOL prepared a new download for release a day after the hackers launched their assault. The Winamp 5.12 media player was the victim of a zero-day exploit.
The code was posted on the milw0rm.com website and would run software on XP computers running the new version of Winamp. With this exploit, hackers can run their software by tricking users to click on special playlists. Secunia said this in their bulletin:
The vulnerability is caused due to a boundary error during the handling of filenames including a computer name. This can be exploited to cause a buffer overflow via a specially crafted playlist containing a filename starting with an overly long computer name (about 1040 bytes).
Successful exploitation allows execution of arbitrary code on a user's system when e.g. a malicious website is visited.
When folks open their Winamp 5.12, a popup will advise them to download the newer 5.13. This should solve the problems. Also, the exploit won't work on versions older than 5.12. Let's just hope they don't crack the 5.13 so easily.
Zero-day exploits are going to keep getting more common as hackers look for new ways to generate income and cause problems in general. This means that users must be more aware of their computer problems and companies need to be equally aware of how good their Internet security
Add to | DiggThis| Yahoo My Web
About the Author:
John is a staff writer for SecurityProNews covering cyber security.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
