Critical Flaw In Nullsoft Winamp Player

Filed under: — By Aviran Mordo @ 10:27 am

A critical flaw was discovered in the popular media player Nullsoft Winamp version 5.12. This flaw is a Zero-Day vulnerability, which means that currently there is no patch available that fixes the problem.

This flaw is due to a buffer overflow error when processing a specially crafted playlist (”.pls” file) containing a malformed “File1″ tag, which could be exploited by remote attackers to execute arbitrary commands and take complete control of an affected system without any user-interaction via a specially crafted web page.

French Security Incident Response Team published a proof of concept of the PLS File Handling Remote Buffer Overflow.

Update: The guys at Winamp put out a quick fix for this flaw. Until a new version of Winamp is out you can use this patch

Digg this story ?


Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress