Several holes in Winamp
The Winamp media player by AOL Nullsoft is a potential entrance door for malware. According to several advisories by security specialist Piotr Bania, version 5.33 might overwrite storage structures with content that crashes the program, if manipulated files in the MatLab (extension .MAT), Impulse Tracker (.IT) and ScreamTracker-3 format (.S3M) are processed. Bania also says that there is a possibility that attackers might exploit these holes to infiltrate arbitrary malicious code via the Internet.
Probably, these programming errors are also contained in older Winamp versions. So far, no patched version has been provided for download on the Winamp site. Users of this media player should be extremely careful with affected file formats until an update is published and should also take care not to open Internet links to such files unless they come from a trusted source.
Users are also advised to disconnect the link between Winamp and the three file formats mentioned in order to prevent automatic execution. Users of the full, bundle and pro version should also completely disable the module in_mod.dll under "Preferences/Plug-ins/Input".
- AOL Nullsoft Winamp LIBSNDFILE.DLL Remote Memory Corruption (Off By Zero), Advisory by Piotr Bania
- AOL Nullsoft Winamp IT Module "IN_MOD.DLL" Remote Heap Memory Corruption, Advisory by Piotr Bania
- AOL Nullsoft Winamp S3M Module "IN_MOD.DLL" Remote Heap Memory Corruption, Advisory by Piotr Bania