Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Security

Top How-Tos / Advice articles

WinAmp music to hackers' ears

Huge vulnerability means upgrade right now

By Kieren McCarthy | Techworld | Published: 00:00, 05 April 2004

A "highly critical" hole in one of the most-used pieces of software in the world means that audio files will be music to hackers' ears.

The ubiquitous WinAmp program - used to play a huge range of media files - can provide someone with system access simply by getting someone to visit a malicious website. It all has to do with how the software loads Fasttracker 2 ".xm" media files.

It is possible to cause a heap overflow and so run code on the person's system. A ".xm" file is not needed however, as the software runs through all supported files with the same faulty piece of code. This greatly increases the opportunities hackers may have to con someone into clicking a link and so providing them with system access.

The flaw affects all WinAmps and so the only advice is to upgrade as soon as possible to the new patched version (5.03) on the company's website here.

WinAmp in its various forms has been downloaded tens of millions of times and has a huge installed base. It can deal with 30 different file types and has hundreds of plug-ins.

The hole was found by NGSSoftware and you can find out a lot more about it, plus details to fill in the hole without having to upgrade here.

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.