|
By Jon Newton 1/31/06 AtmaCA has found an extremely critical security hole in AOL's Winamp and a publicly available exploit is being reported. The flaw is caused by a boundary error during the handling of filenames including a computer name, says Secunia, going on: "This can be exploited to cause a buffer overflow via a specially crafted playlist containing a filename starting with an overly long computer name (about 1040 bytes). |
 Jon Newton |
"Successful exploitation allows execution of arbitrary code on a user's system when e.g. a malicious website is visited."
The vulnerability has been confirmed in version 5.12 and other versions may also be affected, says Secunia. Another highly critical Winamp vulnerability was discovered last July. Secunia doesn't list any fixes or work-arounds.
Jon Newton is the editor of p2pnet.net
and is a regular contributer to MP3 Newswire. Jon's site is devoted to the politics
of digital music and his insights as well as those of his co-writers can be
read there. We urge you to explore it.
Other MP3 stories:
Great Indy Bands
Struggle to be Heard
The Digital
Media Winners of 2005
The Digital
Media Losers of 2005
The 30GB iPod Video is available on Amazon
