By Nate Mook, BetaNews
July 18, 2005, 6:42 PM
AOL's Nullsoft division released a minor update to its Winamp digital audio player on Monday to correct a security vulnerability that could lead to buffer overflow and the potential execution of arbitrary code. Winamp 5.094 fixes the problem, along with a number of minor bugs.
The vulnerability lies in the way Winamp processes ID3 tags contained in MP3 files. If a malformed MP3 file is loaded into a playlist with an artist or title that is too long, it is possible to create overflow code that is later executed. The issue was reported to Nullsoft in late June, and an advisory was issued by LSS Security last week.
Tiada ulasan:
Catat Ulasan