Secunia, on Friday, January 18, warned of two critical security vulnerabilities in the popular Winamp audio player. Attackers can use specially designed data flow to execute malicious code on a user's machine.
The vulnerability is caused by a bug in in_mp3. dll. During the creation of the names of streams in the processing of metadata Ultravox, an attacker can with a long tag values and to implement a stack overflow and execute arbitrary code on the victim's system.
AOL Ultravox protocol is used for the radio service online.
In the Secunia confirmed the vulnerability exists in versions 5. 21, 5. 5, and 5. 51. May be affected and other versions. , According to heise-security. co. uk.
To solve the problem of IS professionals is recommended to download Winamp version 5. 52.
No comments:
Post a Comment