14 DAY TRIAL // Winamp is currently one of the most popular audio players in the entire world, being also one of the oldest computer applications. Because it contains several powerful features able to provide high quality with minimum hardware requirements, Winamp is still the leader in its category, remaining one of the most used multimedia players for numerous computers. Today, many users might decide to look for an alternative audio player after the security company Secunia discovered a flaw in Winamp able to allow an attacker to control an affected computer.
According to the report, the vulnerability is caused by a malicious .MAT file that can allow the execution of arbitrary code. Generally, a .MAT file is an extension compatible with Winamp that stores information about the audio formats played by the application. Secunia sustained the vulnerability was confirmed only in version 5.33 but the previous editions might be also affected.
"Piotr Bania has reported a vulnerability in Winamp, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error within LIBSNDFILE.DLL when handling .MAT (Matlab sound files) files. This can be exploited to overwrite an arbitrary memory location with a NULL byte when opening a specially crafted .MAT file. Successful exploitation may allow execution of arbitrary code," the security company sustained.
Although the solution is quite simple, Secunia encouraging people to avoid opening untrusted .MAT files, the report reveals a new type of security flaws able to affect any application installed on the computer. Until now, the most attacked programs were surely the security tools such as antiviruses or firewalls but it seems like even the multimedia players can allow an attacker control our system. In the past, Winamp and other audio players were quite avoided by the security flaws so the vulnerability is something new for their developers.
If you want to download the latest version of Winamp, you can take it from Softpedia using this link.