• On The Insider: Judge Bans Real Housewives Sex Tape

April 30, 2002 10:35 AM PDT

MP3 viruses could play with Winamp

By Matthew Broersma
Staff Writer, CNET News

  • Post a comment
Related Stories

PC invaders camp out in hard drives

 April 18, 2002
A glitch with the popular Winamp software for playing digital music files could allow an attacker to embed malicious code into an MP3 file, potentially damaging the user's PC and infecting other MP3s.

Nullsoft, a division of AOL Time Warner that makes Winamp, has confirmed the vulnerability in an older release of the software. The glitch does not affect the newest version, 2.80, which was released last week. In the older version, the problem can be fixed by disabling Winamp's mini-browser.

The weakness is particularly dangerous because MP3 files are generally considered safe, and hundreds of thousands of people frequently trade them with unknown Internet users via file-swapping services such as Kazaa and Morpheus.

A bug in the code of Winamp 2.79 allows a specially formed data tag in an MP3 file to cause a buffer overrun in the application, which could be exploited to run any piece of code the attacker wishes. The glitch was posted to the Bugtraq security mailing list Friday by Andreas Sandblad, a Swedish engineering student.

The code can be embedded in the ID3v2 tag used by some MP3 files to carry information on a song track, such as artist, album and genre. When Winamp plays the track, it automatically tries to query the Winamp Web site using the information in the tag.

According to Sandblad, the buffer overflow occurs when the URL to be sent to the mini-browser is created, meaning that the exploit can be carried out even if an Internet connection isn't present. However, disabling the mini-browser prevents the attack.

Since the attacker can cause any code to be executed on the user's computer, a virus could potentially be spread by altering the ID3v2 tags of other MP3 files on the hard drive or networked drive, which could then be spread to other people.

The scope of the problem is relatively limited, though, according to Graham Cluley, senior technology consultant with Sophos Antivirus. "Lots of applications have vulnerabilities that can run potential exploits, but most virus writers don't have to be so clever--they can just distribute a VBS file and give it a sexy name," he said.

He also noted that any such virus would only affect Winamp users, a small population compared with the numbers affected by, for example, Microsoft Outlook viruses.

ZDNet U.K.'s Matthew Broersma reported from London.

advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets

Market news, charts, SEC filings, and more

Related quotes

Time Warner (2.13%) 0.50 24.00
Dow Jones Industrials (0.06%) 4.76 8,183.17
S&P 500 (0.35%) 3.12 882.68
NASDAQ (0.31%) 5.38 1,752.55
CNET TECH (0.38%) 4.78 1,259.65
  Symbol Lookup
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET