IT Jobs
WinAmp music to hackers' ears
Huge vulnerability means upgrade right now
By Kieren McCarthy | Techworld
Published: 00:00 GMT, 05 April 04
A "highly critical" hole in one of the most-used pieces of software in the world means that audio files will be music to hackers' ears.
The ubiquitous WinAmp program - used to play a huge range of media files - can provide someone with system access simply by getting someone to visit a malicious website. It all has to do with how the software loads Fasttracker 2 ".xm" media files.
It is possible to cause a heap overflow and so run code on the person's system. A ".xm" file is not needed however, as the software runs through all supported files with the same faulty piece of code. This greatly increases the opportunities hackers may have to con someone into clicking a link and so providing them with system access.
The flaw affects all WinAmps and so the only advice is to upgrade as soon as possible to the new patched version (5.03) on the company's website here.
WinAmp in its various forms has been downloaded tens of millions of times and has a huge installed base. It can deal with 30 different file types and has hundreds of plug-ins.
The hole was found by NGSSoftware and you can find out a lot more about it, plus details to fill in the hole without having to upgrade here.
Add your commentComments
bobby perry | Published: 02:51 GMT, 13 July 2008
my winamp is disabled/blocked. how do we enable it
anonomous | Published: 22:11 GMT, 12 August 2007
there is another way to stop this from happening. simply block winamp files using your firewall. when it tries to access the internet it is blocked from the internet no questions asked