Extremely Critical Exploit Hits Winamp

The popular Winamp music player suffers from a zero-day vulnerability that attackers are already exploiting, a security company warned Monday. A patch is not available.

The bug in Winamp 5.12 is "extremely critical," the most dire alert Danish-based Secunia uses. An attacker, said Secunia, can take complete control of a PC by getting a user to download a malicious audio playlist that uses a filename larger than about 1,040 bytes. Because Winamp automatically begins playing a playlist once it's download, hackers could easily attack PCs equipped with the music player. InformationWeek | Winamp Vulnerability | "Extremely Critical" Exploit Hits Winamp | January 30, 2006

Linked by shanmuga Monday, 30th January 2006 9:34PM