Two security alerts were issued Wednesday concerning vulnerabilities in Nullsoft’s WinAmp music player and Microsoft’s Windows XP operating system that can be exploited using corrupt audio files.The flaws allow MP3 or Windows Media files containing malicious code to be introduced into a user’s PC, allowing an attacker to run damaging code on that machine, according to security company Foundstone, in Mission Viejo, Calif. The corrupt files would sound identical to unmodified music files, the company said.The buffer overflow security vulnerability in Windows XP can cause the operating system to run suspect code when its file-browsing application, Windows Explorer, plays a music file. The vulnerability lies in the Windows Shell, and Microsoft’s Windows Media Player is not affected by the problem, Microsoft said in an advisory posted on its Web site. It characterized the problem as “critical” and issued a patch.An unchecked buffer allows an attacker to overwhelm a computer by sending it more information than the program can handle. Once overwhelmed, the machine becomes vulnerable to just about any code or instructions sent to it by an attacker. The attacker could create corrupted MP3 or WMA files and host them on a Web site or on some other shared network, or send them to a victim via an HTML e-mail, Microsoft said. A user could launch the malicious code simply by moving a mouse pointer over the icon for the file on a Web page or on a local disk, Microsoft warned. Opening a shared folder where the file is stored, as well as opening or previewing a contaminated e-mail, can also set off the problem.WinAmp has a similar flaw, affecting Versions 2.81 and 3.0 of its WinAmp player, that allows code to run when certain multimedia tags in MP3 and WMA files are loaded with too much data. Specifically, the WinAmp 2.81 overflow problem is with the handling of the Artist ID3v2 tag upon immediate loading of an MP3 file, while two Winamp 3.0 overflows are present in Media Library’s handling of the Artist and Album ID3v2 tags, Foundstone said. Foundstone has alerted Nullsoft to the problem and Nullsoft has released fixed versions of Winamp 2.81 and Winamp 3.0, which can be found on its Web site. Related content news Dell provides $150M to develop an AI compute cluster for Imbue Helping the startup build an independent system to create foundation models may help solidify Dell’s spot alongside cloud computing giants in the race to power AI. By Elizabeth Montalbano Nov 29, 2023 4 mins Generative AI Machine Learning Artificial Intelligence news DRAM prices slide as the semiconductor industry starts to decline TSMC is reported to be cutting production runs on its mature process nodes as a glut of older chips in the market is putting downward pricing pressure on DDR4. By Sam Reynolds Nov 29, 2023 3 mins Flash Storage Technology Industry news analysis Cisco, AWS strengthen ties between cloud-management products Combining insights from Cisco ThousandEyes and AWS into a single view can dramatically reduce problem identification and resolution time, the vendors say. By Michael Cooney Nov 28, 2023 4 mins Network Management Software Cloud Computing opinion Is anything useful happening in network management? Enterprises see the potential for AI to benefit network management, but progress so far is limited by AI’s ability to work with company-specific network data and the range of devices that AI can see. By Tom Nolle Nov 28, 2023 7 mins Generative AI Network Management Software Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe