Nullsoft fixes many vulnerabilities in new Winamp

[Ishaant Avasthi]

Sponsored Links

I have just started the course for learning the hacking techniques by tweaking up the code of the softwares on different IPs. Anyways, I am just a beginner to this field but I have recently heard something about the Nullsoft that they have made some changes in the new Winamp that has fixed some of bugs in the software preventing the user's system accessed by the attackers. Can you guys tell me what is an actually thing that has been secured by these changes?

[Lemog]

Final version of Winamp 5.57 has been delivered to Windows users. They must already think to update their media player due to correcting several security vulnerabilities like execution of arbitrary code remotely. Winamp is fine to version 5.57.1. For these vulnerabilities, the company Secunia issued a security advisory highly critical. According to the explanations of French CERTA (Centre of Expertise Governmental Response and Computer Attacks Treatment), the mechanical operation requires opening a specially crafted file. Problems are caused by integer overflow errors in the decoder IN_MOD.DLL parsing of certain file types Oktalyzer, Ultratracker or Impulse Tracker. Other errors are present in the modules and png.w5s jpeg.w5s at the opening of PNG or JPEG files contained in an MP3 file.

[addie]

A critical flaw has been discovered in the Winamp software. This vulnerability, using the ID3v2 tag maliciously filled causing a buffer overflow error and therefore an attacker to take control of your computer by running certain commands. The vulnerability has yet been tested on versions 5.6 and although it is relatively difficult to use initially, there is no doubt it will in the near future. Nullsoft (Winamp publishing company) has released a patch in the coming days.

[Wguy2008]

The patches correct proposed new critical flaws disclosed recently. This loophole could be closed manually but treatment is now automated (for those who did not make the correction manually). The patch also correct a critical flaw that affects the color management module. This vulnerability could allow an attacker to compromise your data from your Nullsoft and gain control of it. It is advisable to update your system as quickly as possible via Nullsoft.