Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security US-CERT-Alerts
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

US-CERT Cyber Security Alert SA06-032A -- Winamp Playlist Vulnerability

from [US-CERT Alerts] Network Security [Permanent Link]
Subject: US-CERT Cyber Security Alert SA06-032A -- Winamp Playlist Vulnerability
Date: Wed, 1 Feb 2006 15:01:54 -0500 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                     National Cyber Alert System

                   Cyber Security Alert SA06-032A


Winamp Playlist Vulnerability

   Original release date: February 1, 2006
   Last revised: --
   Source: US-CERT


Systems Affected

     * Microsoft Windows systems that have Winamp installed.


Overview

     Winamp, a popular media player, has a vulnerability that could
     allow an attacker to take control of your system. Upgrading to the
     latest version of Winamp will take care of this vulnerability.


Solution

Install an Update

     You can download and install Winamp 5.13 to avoid the
     vulnerability.


Description

     A vulnerability in Winamp 5.12, and possibly in earlier versions,
     allows an attacker to run malicious code on your system when you
     open a playlist file. This malicious code could also be embedded in
     a web page, and could execute, without your knowledge, when you
     visit a malicious web page or open an HTML document.

     For more technical information, see US-CERT Technical Alert
     TA06-032A.


References

     * Winamp Version History -
       <http://www.winamp.com/player/version_history.php>

     * US-CERT Technical Cyber Security Alert TA06-032A -
       <http://www.us-cert.gov/cas/techalerts/TA06-032.html>

     * US-CERT Vulnerability Note VU#604745 -
       <http://www.kb.cert.org/vuls/id/604745>


  ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/alerts/SA06-032A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT. Please send email to
   <cert@cert.org> with "SA06-032A Feedback VU#604745" in the subject.
 ____________________________________________________________________

   Mailing list information:

     <http://www.us-cert.gov/cas/>
 ____________________________________________________________________

   Produced 2006 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________


Revision History

  February 5, 2006: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQ+EKhH0pj593lg50AQLm3wf/YZpaQzu0RtyGXXE0WeR5PQoHvXHovqQr
wa440DvxTHCclN0BqQHvaI5KlOTKKCgw1Dh0w18AtR6YeJGDmoKt3hZumrC9K0tI
qUIAP2p007ow5cRp5sKfrF1vfA3/t0CVoBXBS8UURsGZt5fwAoTHN0uU18pE5rem
3Y35KNFqu/3f9wApvQyAHhmulD9L43sigZtM00z5RCmKEHD/6I5KbGm+vPicuLYF
/ns/ieYactohUvstIYRsb2e0QVXR3iqf3eIX88USu+TAeXLBI1fZj+fSY8yPQrYz
f809aIMeJBsfscLGI0yoNiIXpX1P3DFQe13I/voBCLUWGeNkVy0PRA==
=sHdO
-----END PGP SIGNATURE-----
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • US-CERT Cyber Security Alert SA06-032A -- Winamp Playlist Vulnerability, US-CERT Alerts <=
Next by Date:  US-CERT Cyber Security Alert SA06-038A -- Multiple Vulnerabilities in Mozilla Products, US-CERT Alerts
Next by Thread:  US-CERT Cyber Security Alert SA06-038A -- Multiple Vulnerabilities in Mozilla Products, US-CERT Alerts
Indexes:  [Date] [Thread] [Top] [All Lists]