Designed in 2 Minutes?

Saturday, November 27, 2004

Critical vulnerability in Winamp media player

We live in a time when the Internet is rapidly taking on an important role in people’s lives. People use the Internet for nearly everything, and one of the fastest-growing activities is the transfer of music and video. To support it, users need specialised software (media players) to play songs and videos downloaded from servers or from other users’ computers, so these players can act as gateways between computers. Given that critical role, some may assume that a great deal of thought and effort goes into their development. This is certainly true for many of them. However, it has been shown that they can be used to compromise users’ systems by creating a major breach in security.

The security expert Brett Moore from the found that there is a critical vulnerability in the popular ‘Winamp’ media player (versions 5.05, 5.06, and prior versions), caused by a boundary error in the ‘IN_CDDA.dll’ file.

The error can be exploited in various ways to cause a stack-based buffer overflow, e.g. by tricking a user into visiting a malicious website containing a specially crafted ‘.m3u’ playlist. Successful exploitation allows execution of arbitrary code.
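The kind of boundary check whose absence produces this class of bug, shown on a playlist reader that copies each entry into a fixed-size stack buffer. This is an added example, not Winamp's code: `ENTRY_MAX`, the function names and the sample playlist are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define ENTRY_MAX 260   /* assumed buffer size, chosen for illustration */
struct scan_result { int accepted; int rejected; };

/* Copy one entry into a fixed-size buffer. Returns 0 on success, or -1 when
 * the entry (plus its terminator) does not fit; nothing is written then. */
static int copy_entry(const char *src, size_t len, char *dst, size_t dst_sz)
{
    if (len >= dst_sz)              /* the boundary check */
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Walk an in-memory .m3u playlist, skipping blank lines and '#' directives. */
static struct scan_result scan_playlist(const char *text)
{
    struct scan_result res = {0, 0};
    char entry[ENTRY_MAX];          /* stack buffer that each entry must fit */
    while (*text != '\0') {
        size_t len = strcspn(text, "\r\n");   /* length of this line */
        if (len > 0 && text[0] != '#') {
            if (copy_entry(text, len, entry, sizeof entry) == 0) res.accepted++;
            else res.rejected++;    /* oversized entry: refuse, do not truncate */
        }
        text += len;
        text += strspn(text, "\r\n");         /* skip the line ending(s) */
    }
    return res;
}

/* Constructed sample: two ordinary entries around one entry of long_len bytes. */
static const char *sample_playlist(size_t long_len)
{
    static char buf[4096];
    size_t n = (size_t)snprintf(buf, sizeof buf, "#EXTM3U\r\ntrack01.mp3\r\n");
    if (long_len > sizeof buf - n - 32) long_len = sizeof buf - n - 32;
    memset(buf + n, 'A', long_len);
    snprintf(buf + n + long_len, sizeof buf - n - long_len, "\r\ntrack02.mp3\r\n");
    return buf;
}

int main(void)
{
    struct scan_result r = scan_playlist(sample_playlist(1000));
    return printf("accepted=%d rejected=%d\n", r.accepted, r.rejected) < 0;
}
```

An entry of exactly `ENTRY_MAX - 1` bytes is accepted and one of `ENTRY_MAX` bytes is rejected, because room for the terminating NUL is part of the check.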

With hundreds of thousands, or maybe millions, of users out there, we expect better from developers than this type of vulnerability, which shows that not enough testing and validation has been conducted. The most serious consequence is that users are left at the mercy of hackers, who will not hesitate to take whatever they can get their hands on from the users’ systems.

Are we completely moving into an era where digital technology is the main weapon for robbery?

