Buffer overflow flaw found in open source MP3 player
Source: Dawn Kawamoto - Posted by Joe Shakespeare   
Host Security A vulnerability found in open source MPEG audio player mpg123 received a "highly critical" rating on Tuesday from security information provider Secunia.

The software vulnerability may lead to an exploit in which a specially crafted MP2 or MP3 file could cause a memory problem called a "buffer overflow" that could allow an attacker to run malicious code.

"Mpg123 allows users to listen to music and receive data streams from a server. But if they listen to music from a malicious server, then it could compromise their own system," said Thomas Kristensen, Secunia chief technology officer. "The owner of the malicious server would be able to do actions like the user on their own system."

Those actions could include taking control of a user's applications to send email -- perhaps aiding in identity theft or the spread of viruses -- or alter files. However, Kristensen said the vulnerability may be difficult to exploit.

Read this full article at Dawn Kawamoto

Only registered users can write comments.
Please login or register.

Powered by AkoComment!