Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Winamp 5.05/5.06 Exploit

  • 01-12-2004 2:55am
    #1
    Moderators, Computer Games Moderators Posts: 4,569 Mod ✭✭✭✭


    Right, I did a search, didnt find a previous thread about this. I'm not looking for tech support... please dont ban me ;)
    IT security experts have uncovered a critical vulnerability in the popular Winamp media player, which could be exploited by hackers to compromise a user's system.
    Security expert Brett Moore, from Security-Assessment.com, published an advisory detailing the flaw. "The vulnerability is caused due to a boundary error in the 'IN_CDDA.dll' file," it stated.

    "This can be exploited in various ways to cause a stack-based buffer overflow, e.g. by tricking a user into visiting a malicious website containing a specially crafted '.m3u' playlist."
    Yesterday the threat level of the flaw was raised to 'critical' after the discovery of a hacker exploit which takes advantage of the vulnerability. Successful exploitation allows execution of arbitrary code, said Moore.
    The vulnerability has been reported in version 5.05 and confirmed in version 5.06. Prior versions may also be affected, according to Moore, and the flaw has not been fixed in Winamp version 5.06 contrary to vendor statements.

    The best workaround for the hundred of thousands of users of the media player is to disassociate '.cda' and '.m3u' extensions from Winamp.

    Unfortunately I cant link to the site I got it from as it also hosts warez. Whether that has any relevance to the credibility, is your cause.


Advertisement