Winamp 5.57 eliminates vulnerabilities
Nullsoft has released version 5.57 of Winamp, the popular media player, closing several critical vulnerabilities that could be exploited to compromise a user's system and fixing a number of bugs. According to security services provider Secunia, many of the problems were caused by boundary errors in the Module Decoder Plug-in (IN_MOD.DLL) that can be exploited to cause heap-based buffer overflows using a specially crafted "Impulse Tracker" file. For an attack to be successful, a victim must first open a manipulated media file.
Other vulnerabilities include an error when parsing PNG or JPEG data files, leading to memory corruption, and an issue when parsing Oktalyzer files, leading to a heap-based buffer overflow. All versions up to and including 5.56 are reportedly affected.
More details about the release can be found in the official announcement blog post and release notes. Winamp 5.57 is available to download for Windows. All users are advised to upgrade to the latest release as soon as possible.
See also:
- Winamp Multiple Vulnerabilities, security advisory from Secunia.
- The H Update Check: Reducing your security risks, a report from The H.
(crve)