Winamp or the Hijacked Music Lover’s PC!

Remember the article about possible security holes in Instant Messenger Software (e.g. Yahoo Instant Messenger or YIM) NetNacs published in its last edition? You thought that was bad news?

Well, get this… Hacker’s possibly could control your PC if you use Winamp to listen to your MP3 files. Winamp, a widely used audio player, suffers from the same problems as YIM – a buffer overflow¹ affects most of its versions. This time a certain media file (not file type!) causes the trouble and once opened (played in Winamp) an attacker can gain access and control over your workstation. The level of control depends on what privileges you have assigned. In the worst case the hacker could gain full access if you have administrative rights.

The security hole is caused by a plugin named “in_mod.dll” which is used by Winamp to open .XM (FastTracker 2) media files. It’s a popular application that is designed to allow musicians to create sound files using sample-based instruments. NGSoftware now found out that a special .XM file causes the buffer overflow. As with in YIM the malicious .XM file runs code on your machine once opened, which could expose your PC to hacker’s threat.

The tricky and real “mean” fact however is, that is does not necessarily needs to be an .XM file. Winamp usually scans a file’s code and so discovers which type it is so it can be played properly. A hacker could therefore hide the attacking code in any file type Winamp recognizes. The “.XM file” could be disguised as for example i_am_going_to_attack_you.mp3 and Winamp still scans it as a .XM file and plays it.

The creator and publisher of Winamp Nullsoft has addressed this issue in its latest release Winamp 5.03. All Winamp users are therefore strongly encouraged to upgrade and/or download this latest version to avoid possible exposure to hacker attacks.
_____________

¹This happens when more data is put into a buffer or holding area, then the buffer can handle. This is due to a mismatch in processing rates between the producing and consuming processes. This can result in system crashes or the creation of a back door leading to system access. (Source: http://www.tsl.state.tx.us/ld/pubs/compsecurity/glossary.html)

Copyright © 2004