We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Critical Winamp bug threat to PC users

Hack exploits Winamp music player to hijack PCs

Security companies have warned Winamp users that the music player application has a bug that could give attackers the means to hijack PCs.

According to Danish vulnerability tracker Secunia and eEye Digital Security of California, the Winamp 5.34 plug-in that decodes MP4 files is flawed. If a specially crafted MP4 file is fed to the player, an attacker could compromise the machine and execute his own malicious code remotely.

Secunia rated the bug as ‘highly critical’, its second-most-dire level in a five-step scoring system; eEye simply dubbed it as a ‘high’ risk.

"A media player remote code execution vulnerability has a very high impact since the source of the malicious payload can be any site on the internet," said eEye's alert. "An even more critical problem is generated when clients are administrators on their local hosts, which would run the malicious payload with administrator credentials."

Windows XP users, for example, typically run the operating system using an administrator account.

One bright spot, said eEye, was that because Winamp does not open MP4 files embedded in a website, attackers would have to dupe users into launching the malicious file. The most likely delivery vehicles: MP4 files attached to email messages or a link to a site from which the file could be downloaded. "This could add a level of suspicion to the exploit delivery, but since music sharing is such a common activity, the suspicious activity might be dismissed by the user," said eEye.

With a patch yet to come from Nullsoft, eEye recommended that users disassociate the .mp4 extension from Winamp by choosing Options/Preferences, then General Preferences/File Types and deselecting MP4.

www.computerworld.com


IDG UK Sites

Windows 10 for phones UK release date, price and new features: When will my phone get Windows 10?

IDG UK Sites

It's World Backup Day 2015! Don't wait another minute: back up now

IDG UK Sites

Get the free Adobe Comp CC iPad app for rapid layout design

IDG UK Sites

New 13-inch Retina MacBook Pro (early 2015, 2.7GHz) review: Just about the greatest upgrade any...