Winamp Flaw Allows Attacks
By Ryan Naraine
November 24, 2004
Users of America Online Inc.'s Winamp media player are at risk of remote code execution attacks because of a flaw in the software, according to a warning from a security research firm.

The flaw, which Secunia rates as "highly critical," has been reported in Winamp versions 5.05 and 5.06. Prior versions also may be affected.

Security-Assessment.com, which is credited with finding the vulnerability, said a malicious hacker could cause a buffer overflow in various ways, the most dangerous being through a malformed .m3u playlist file.

"When hosted on a Web site, these files will be automatically downloaded and opened in Winamp without any user interaction. This is enough to cause the overflow that would allow a malicious playlist to overwrite EIP and execute arbitrary code," the company said.

The vulnerability exists due to a boundary error in the "IN_CDDA.dll" file," the company said.

Secunia recommends that users disassociate ".cda" and ".m3u" extensions from Winamp until the vendor releases a fix.

News of the Winamp security issue comes amid reports that the last members of the original Winamp team have said goodbye to AOL. Only a few employees remain to prop up the once-ubiquitous digital audio player with minor updates, but no further improvements to Winamp are expected.

Winamp is maintained by AOL's Nullsoft division.

It is not the first time that security flaws have been flagged in Winamp. Earlier this year, Nullsoft rushed out a critical fix for a vulnerability found in the Winamp 3.0, 5.0 and 5.0 Pro versions.

That flaw was detected in the Winamp Skin installer mechanism and was being exploited to automatically launch spyware applications without user consent.