
Zero-day exploit for Winamp



ALARM Group ALERT (ALARM: The Computing Alert System)
Alert Number:  050207-03
Alert Date:  05/02/07
Alert Title:  *Zero-day exploit for Winamp
Update-to:   None
OS/Platform/Application:  Winamp v5.x on (potentially) all systems
Category:  ALERT
Severity: MEDIUM
Attention:  System Administrators/Users, Desktop Support Personnel, Winamp users

Summary:  Multiple Internet security-related agencies are reporting the existence of a vulnerability in AOL Music's popular Winamp media player.  The vulnerability is related to the handling of MP4 files and can result in remote code execution/system takeover.  The most likely vector of exploit is the opening of a specially crafted MP4 message.  At the time of this writing (4:45 EST on 5/2/07) a patch has not been provided by the vendor.

Recommended Actions:  Although a patch is not yet available, numerous workarounds have been suggested by various security agencies and resources.  Support personnel and Winamp users are encouraged to read the information on this vulnerability (links provided below) and, if appropriate, consider implementing one or several of the suggested countermeasures.

ITS Actions:  N/A

Resources:

Secunia Advisory:
http://secunia.com/advisories/25089/

eEye Advisory (includes steps to dissociate handling of MP4 files):
http://research.eeye.com/html/alerts/zeroday/20070430.html


 


Information Technology Services
University at Albany, SUNY
1400 Washington Avenue
Albany, NY 12222
ITS Service Centers:  518-442-4000
 