Samker's Computer Forum - SCforum.info

World TOP Headlines: => Latest Security News & Alerts => Topic started by: Samker on 02. December 2010., 14:02:42

Title: Winamp fixes critical integer overflow vulnerability - "in_nsv.dll" (download)
Post by: Samker on 02. December 2010., 14:02:42

(http://1.bp.blogspot.com/_HFCdP7O6bMc/R3Pp65TgWhI/AAAAAAAABh0/Nn2ZPeYtGsk/s200/winamp.jpg)

Winamp media player users need to update their software following the discovery of multiple security holes, some of which provide a means to distribute malware via booby-trapped media files.

Version 5.6 of the software for Windows fixes a critical integer overflow vulnerability in the the "in_nsv.dll" plug-in library that leaves users exposed to viral attack – provided, of course, that they are first tricked into opening a maliciously constructed stream or media file. The update from developers Nullsoft also addresses a potentially nasty, but probably less easy to exploit, bug involving the handling of midi files. The release also includes a number of performance and stability tweaks.

A release announcement can be found on Nullsoft's forum: http://forums.winamp.com/showthread.php?t=324322 (http://forums.winamp.com/showthread.php?t=324322) but details of the security side of the update can more easily be reviewed via an advisory on the bugs by security notification firm Secunia here: http://secunia.com/advisories/42004 (http://secunia.com/advisories/42004)

(ElReg)

Title: Re: Winamp fixes critical integer overflow vulnerability - "in_nsv.dll" (download)
Post by: krrjhn on 25. January 2011., 07:53:26

Thanks for sharing i really need this!!