Alert Number: 030309-01
Alert Date: 3/3/09
Alert Title: *UNPATCHED* Winamp CAF file vulnerability
Update-to: N/A
OS/Platform/Application:
Nullsoft Winamp versions 5.55 and 5.541
NOTE: Other versions may be vulnerable as well
Category: ALERT
Severity: MEDIUM
Attention: Winamp users, System Administrators, Desktop Support Personnel.
Summary: Internet security resources are reporting a new vulnerability in Nullsoft's popular Winamp media player application. The vulnerability pertains to the handling of CAF files. CAF (Core Audio Format) is a type of audio file; CAF files are recognizable by their ".CAF" file extension. The most likely exploitation mechanism for this vulnerability is the handling of a maliciously crafted .CAF file. Successful exploitation could result in takeover of a vulnerable computer.
Recommended Actions: At the time of this writing (8:00 AM 3/3/09) a patch is not yet available from the vendor. Winamp users are encouraged to avoid the handling of files ending in ".CAF" until a patch is available.
ITS Actions: N/A
Resources:
Secunia Alert:
http://secunia.com/secunia_research/2009-8/
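
To support the recommended action above, the following added example (not part of the original alert and not vendor code) inventories a directory tree for files that desktop support may want to set aside until a patch is available: files ending in ".CAF" in any letter case, and files that begin with the `caff` file-type tag of the CAF format. The header check, the function names and the sample files are assumptions of this example; the alert itself identifies CAF files only by their extension.

```python
import os
import tempfile

# File-type tag that opens a CAF header (from the CAF format, not from this alert).
CAF_MAGIC = b"caff"

def classify(path):
    """Return 'extension', 'header', 'both' or None for one file."""
    by_ext = path.lower().endswith(".caf")
    try:
        with open(path, "rb") as fh:
            by_magic = fh.read(4) == CAF_MAGIC
    except OSError:
        by_magic = False  # unreadable file: fall back to the extension alone
    if by_ext and by_magic:
        return "both"
    if by_ext:
        return "extension"
    if by_magic:
        return "header"
    return None

def find_caf_files(root):
    """Walk root and return sorted (relative path, reason) pairs for CAF candidates."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reason = classify(full)
            if reason:
                hits.append((os.path.relpath(full, root), reason))
    return sorted(hits)

def build_sample_tree(root):
    """Write constructed sample files for the demonstration; none is real audio."""
    samples = {
        "song.CAF": b"caff\x00\x01\x00\x00",     # CAF name and CAF header
        "renamed.mp3": b"caff\x00\x01\x00\x00",  # CAF header under another name
        "empty.caf": b"",                        # CAF name, no header
        "notes.txt": b"hello",                   # unrelated file
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason in find_caf_files(tmp):
            print(f"{reason:9}  {rel}")
```

Point `find_caf_files` at a download folder or mail attachment store to list candidates; a "header" hit is a file that carries CAF content under a different extension.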