Jan 10 2008
Winamp Media Player Opens Windows to System Hijacking
By Lisa Vaas
An attacker could exploit the flaw with a malicious MP4 file to trigger the buffer overflow.
Even as Microsoft prepared to release critical updates for flaws in multimedia frameworks and APIs, proof-of-concept exploit code came out over the weekend that shows how an attacker can target the Winamp multiformat media player, a media player from Nullsoft that runs on Windows and is second only to Windows Media Player in worldwide popularity.
Symantec on Dec. 8 produced a security advisory warning that attackers can take over systems due to a vulnerability in how Winamp processes some MP4 files. Nullsoft has since addressed the issue, which boils down to a buffer overflow problem, in Winamp 5.35. The problem affects Winamp 5.02 through 5.34.
Read more from eweek.com