Critical Winamp bug threat to PC users

Hack exploits Winamp music player to hijack PCs

Security companies have warned Winamp users that the music player application has a bug that could give attackers the means to hijack PCs.

According to Danish vulnerability tracker Secunia and eEye Digital Security of California, the Winamp 5.34 plug-in that decodes MP4 files is flawed. If a specially crafted MP4 file is fed to the player, an attacker could compromise the machine and execute his own malicious code remotely.

Secunia rated the bug as ‘highly critical’, its second-most-dire level in a five-step scoring system; eEye simply dubbed it a ‘high’ risk.

"A media player remote code execution vulnerability has a very high impact since the source of the malicious payload can be any site on the internet," said eEye's alert. "An even more critical problem is generated when clients are administrators on their local hosts, which would run the malicious payload with administrator credentials."

Windows XP users, for example, typically run the operating system using an administrator account.

One bright spot, said eEye, was that because Winamp does not open MP4 files embedded in a website, attackers would have to dupe users into launching the malicious file. The most likely delivery vehicles: MP4 files attached to email messages or a link to a site from which the file could be downloaded. "This could add a level of suspicion to the exploit delivery, but since music sharing is such a common activity, the suspicious activity might be dismissed by the user," said eEye.

With a patch yet to come from Nullsoft, eEye recommended that users disassociate the .mp4 extension from Winamp by choosing Options/Preferences, then General Preferences/File Types and deselecting MP4.

www.computerworld.com

