Security Bytes: Hole in Winamp; Java Plug-in flaw fixed

In other news, a vulnerability is found in Opera, while new malicious code targets mobile phones and Asian pop star fans.

Buffer overflow flaw in Winamp Users of Winamp 5.05 should update to version 5.0.6 to guard against a vulnerability attackers could exploit to cause a stack-based buffer overflow and launch malicious code, New Zealand-based Security-Assessment.com said in an advisory. "It is possible that earlier versions are also vulnerable and we recommend all users to upgrade to the latest version," the advisory said. "The overflow can be caused...

in various ways, the most dangerous though is through a malformed .m3u playlist file. When hosted on a Web site, these files will be automatically downloaded and opened in Winamp without any user interaction. This is enough to cause the overflow that would allow a malicious playlist to overwrite EIP and execute arbitrary code." Danish security firm Secunia said this is a "highly critical" security hole because it can be exploited remotely.

Sun fixes Java Plug-in vulnerability
Sun Microsystems has fixed a vulnerability in the Java Plug-in that attackers could use to remotely gain escalated privileges and write malicious files. The Santa Clara, Calif.-based company said the problem affects SDK and JRE 1.4.2_05 and earlier, all 1.4.1 and 1.4.0 releases and 1.3.1_12 and earlier on the Solaris, Windows and Linux platforms. The vulnerability "may allow an untrusted applet to escalate privileges, through JavaScript calling into Java code, including reading and writing files with the privileges of the user running the applet," Sun's advisory said. The problem is fixed in SDK and JRE 1.4.2_06 and later, and SDK and JRE 1.3.1_13 and later.

Smart phone Trojan circulating
A new Trojan affecting smart phones is circulating in the wild, according to Finland-based F-Secure. Known as "Skulls," the SIS file Trojan "will replace the system applications with non-functional versions, so that all but the phone functionality will be disabled," said F-Secure. "If Skulls is installed it will cause all application icons to be replaced with a picture of skull and cross bones, and the icons don't refer to the actual applications any more so none of the phone system applications will be able to start." If infected, don't reboot the phone and go to the F-Secure Web site for more information.

Patch issued for Java flaw in Opera
A patch is available for Java vulnerabilities in Opera software. According to an advisory from Illegalaccess.org, "Opera 7.54 is vulnerable to leakage of the Java sandbox, allowing malicious applets to gain unacceptable privileges. This allows them to be used for information gathering [spying] of local identity information and system configurations as well as causing annoying crash effects." Opera Software has eliminated the vulnerability in 7.60 beta versions. Version 7.54 can be patched.

F-Secure fixes flaw affecting multiple products
Finnish security firm F-Secure has issued patches to fix a vulnerability malware can exploit to bypass certain scanning functions. The flaw, affecting multiple F-Secure products, allows an attacker to "create specially-crafted .zip archives that fool the scanner to believe that the archive is of zero length." The company's advisory added that "this will cause the scanner to stop scanning the archive and pass it through even if it may contain malware. This may lead to failure to detect malware inside the .zip archive." The vulnerability doesn't affect the product's ability to detect malware when it is extracted from the archive, the advisory said. The severity of the vulnerability varies with each product. F-Secure added, "This vulnerability is typically significant only in systems that scan e-mail traffic. These systems handle archives without extracting them and it is important to be able to scan the archive contents reliably. Clients need to extract files before a virus can activate and this vulnerability does not affect scanning of extracted files."

Virus exploits popularity of Asian singer
A new worm is exploiting the popularity of an Asian pop star in an attempt to spread, according to Lynnfield, Mass.-based antivirus firm Sophos. "W32.Favsin-A is the second piece of malware in less than a week to exploit the popularity of Singapore-born singer Stefanie Sun Yanzi," Sophos said on its Web site. Last week, W32.Yanz-A carried a message from the virus writer promoting the pop star, but Favsin carries a darker message calling for Sun Yanzi to contact him in Turkey. Sophos said e-mails containing the virus include such lines as, "I want to meet Sun YanZi. I am loving Sun-YanZi's Magic. Call me YanZi. But you don't contact me(Turkiye)," "I want to see Sun YanZi. Call me Sun Yan Zi ;)," and "I can not contact you. Because, I am far to you(Turkiye). Please listen to me Stefanie Sun Yanzi." Attached files that contain the worm have names like "Sun_YanZi-I_am_not_sad.mp3.exe," "Sun_YanZi-Leave_me_alone.mp3.exe" and "YanZi_SuN-forever.mp3.exe." "Whoever wrote this virus needs to get out a bit more and include some sunshine in his diet," Graham Cluley, senior technology consultant for Sophos, said in a statement. "If this virus writer spent more time with real-life pursuits and less time in his bedroom drooling over his favorite pop stars then maybe we wouldn't have seen this virus."

Dig deeper on Security Resources

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close