In association with heise online

08 January 2009, 15:32

Hole in gen_msn plug-in for Winamp

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The Now Playing plug-in gen_msn, for the Winamp media player, has a hole which allows an attackers code to be executed from a playlist file. The plug-in is used to allow users to display to others what they are listening to, via Microsoft's instant messaging. A similar hole was found in August with the integrated Now Playing function of Winamp.

The cause of the vulnerability is a boundary error in gen_msn.dll when there are over long entries in a playlist. This error can be exploited to cause a buffer overflow. For a successful attack, the user needs to open a .pls play list file in Winamp. The problem has been confirmed for gen_msn version 0.31 with Winamp 5.541, although other versions may be vulnerable. Users are advised not open untrusted files or streams, with the plug-in installed.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit