In association with heise online

26 October 2006, 12:09

Two critical holes fixed in Winamp


The new version 5.31 of the Winamp media player fixes two critical security holes that could, for example, have allowed a user to be infected with a trojan just by clicking on an HTML link. According to security vendor iDefense, the flaws are in the routine for processing Ultravox Lyrics3 tags in music files and in the implementation of the Ultravox streaming technology developed by AOL.

Both vulnerabilities are heap overflows and can be triggered either through manipulated playlists or through shout: and uvox: URIs. A flawed ultravox-max-msg header, among others, is responsible for the overflow. By default, these links are associated with Winamp in Internet Explorer when the player is installed. It doesn't matter whether the user intends to listen to Ultravox streams or not: clicking on a link to a rigged web site is enough to become a victim. The flaw was confirmed for Winamp versions 5.24 through 5.30, although previous versions may also be affected.
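To see whether a workstation exposes the shout: and uvox: link handlers described above, the following added example (not part of the original article) reports which program each scheme launches and that program's file version. It assumes the handlers are registered in the standard Windows location, HKEY_CLASSES_ROOT\<scheme>\shell\open\command; the version string is reported as-is so it can be compared against the affected range 5.24 through 5.30 and the fixed release 5.31.

```powershell
# Added example: audit the shout: and uvox: URI handlers named in the article.
# Assumption: handlers use the standard layout
#   HKEY_CLASSES_ROOT\<scheme>\shell\open\command  (default value = command line)
$schemes = 'shout', 'uvox'

$report = foreach ($scheme in $schemes) {
    $key = "Registry::HKEY_CLASSES_ROOT\$scheme\shell\open\command"
    $row = [ordered]@{
        Scheme      = $scheme
        Registered  = $false
        Command     = $null
        Executable  = $null
        FileVersion = $null
        UsesWinamp  = $false
    }

    if (Test-Path -LiteralPath $key) {
        $row.Registered = $true
        $row.Command    = (Get-ItemProperty -LiteralPath $key).'(default)'

        # The command is either "C:\path\app.exe" "%1" or C:\path\app.exe %1
        if ($row.Command -match '^\s*"([^"]+)"' -or $row.Command -match '^\s*(\S+)') {
            $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
            $row.Executable = $exe
            $row.UsesWinamp = $exe -match 'winamp'

            if (Test-Path -LiteralPath $exe -PathType Leaf) {
                # Reported verbatim; compare against 5.24-5.30 (affected) and 5.31 (fixed)
                $row.FileVersion = (Get-Item -LiteralPath $exe).VersionInfo.FileVersion
            }
        }
    }

    [pscustomobject]$row
}

$report | Format-List
```

A scheme with `Registered : False` cannot be opened from a web link on that machine; one with `UsesWinamp : True` should show a file version corresponding to 5.31 or later.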
