Winamp Media Player Opens Windows to System Hijacking
An attacker could exploit the flaw with a malicious MP4 file to trigger the buffer overflow.
Even as Microsoft prepared to release critical updates for flaws in multimedia frameworks and APIs, proof-of-concept exploit code came out over the weekend that shows how an attacker can target Winamp, the multiformat media player from Nullsoft that runs on Windows and is second only to Windows Media Player in worldwide popularity. Symantec on Dec. 8 produced a security advisory warning that attackers can take over systems due to a vulnerability in how Winamp processes some MP4 files. Nullsoft has since addressed the issue, which boils down to a buffer overflow problem, in Winamp 5.35. The problem affects Winamp 5.02 through 5.34.
An attacker would exploit the flaw by putting together a malicious MP4 file to trigger the buffer overflow. According to Symantec, the file could include replacement memory addresses, arbitrary code and NOP (No Operation) commands, which are assembly language commands that do nothing besides waste CPU clock cycles.