Pavlov Scope

Lotus Notes has recently had some security issues disclosed in a variety of areas. One of them is a stack overflow bug that can allow arbitrary code execution (people can run a program on your computer without you having to click on it) – one of the worst kinds of bugs. Other vulns exist that have the same effect. These kinds of programming errors often create new “vectors” of attack for spyware, spammers, and viruses to exploit. The above are clients bugs.

I am an avid user of WinAmp, as are millions of other people. But, one thing I don’t make a habit of is downloading other people’s playlists, mainly because I have too many of my own to handle. However, if you have WinAmp installed on your machine (even if you are not an avid user or don’t DL playlists) watch out for a new nasty bug in versions of WinAmp 5.12 and prior. This buffer overflow vulnerability allows maliciosly coded playlists to run other programs on your machine (known as arbitrary execution) without your control. A good example might be a link to a playlist on a malicious website disguised to be a normal webpage link.

An exploit is out in the wild for this bug, making it exceedingly easy to exploit and some spyware is already using this flaw to install itself. Lately, spyware installers have been on the leading edge of exploits (over virus writers) – probably because there is money in spyware and not so much in viruses.

Since WinAmp automatically associates playlist files (naturally) to itself, you could accidentally trigger a malicious file without realizing it.

Bottom line – If you have WinAmp installed, update ASAP to 5.13 or higher: Here is a link to the WinAmp DL page

Questions or comments, please let me know.