A major Winamp security flaw reported by the security site Security-Assessment.com has still not been fixed in the new version 5.05. Malicious software designed to exploit this flaw has begun circulating on the internet, making the vulnerability even more dangerous. So far, Nullsoft has not commented on the flaw.
A serious security flaw reported last week in WinAmp is still unpatched, contrary to the vendor's assurances, according to the researcher who discovered the vulnerability. What's more, exploit code taking advantage of the flaw has begun circulating on the Internet, making attacks simpler to carry out, said security experts.
"It appears that the 'patched' version 5.05 does not fix the buffer overflow issue that we notified Nullsoft about," said Brett Moore, chief technical officer of Security-Assessment.com, in an email to the Bugtraq security mailing list on Wednesday. "We have sent Nullsoft a copy of this email, and hope that they can remedy this problem quickly." Nullsoft did not immediately respond to Techworld's request for comment.
More information: PCWorld