WinAmp music to hackers' ears
"highly critical" hole in one of the most-used pieces of software in the world means that audio files will be music to hackers' ears.
The ubiquitous WinAmp program - used to play a huge range of media files - can provide someone with system access simply by getting someone to visit a malicious website. It all has to do with how the software loads Fasttracker 2 ".xm" media files.
It is possible to cause a heap overflow and so run code on the person's system. A ".xm" file is not needed however, as the software runs through all supported files with the same faulty piece of code. This greatly increases the opportunities hackers may have to con someone into clicking a link and so providing them with system access.
The flaw affects all WinAmps and so the only advice is to upgrade as soon as possible to the new patched version (5.03)
WinAmp in its various forms has been downloaded tens of millions of times and has a huge installed base. It can deal with 30 different file types and has hundreds of plug-ins.
The hole was found by NGSSoftware and you can find out a lot more about it, plus details to fill in the hole without having to upgrade here