반응형
해외 Nullsoft사에서 제공하는 멀티미디어 플레이어 Winamp 5.6 Build 3081 버전이 공개되었습니다.
이번 버전에서는 DLL Hijacking 취약점에 대한 문제가 해결되었으며, 악의적인 미디어 파일을 사용자가 열었을 경우에 발생하는 in_nsv.dll 플러그인과 관련된 Integer Overflow 문제를 해결한 것으로 알려져 있습니다.
이번 버전에서 새롭게 추가된 기능 및 수정된 사항은 다음과 같습니다.
- New: [pmp_wifi] Android Wi-Fi support
- New: Direct mouse wheel support
- New: Option to write ratings to tags (for mp3, wma/wmv, ogg & flac)
- Improved: Redesigned Devices/Portables view in Media Library
- Improved: New on-the-fly "Vertically flip (Shift+F)" option in Video context menu
- Improved: [dlmgr/jnetlib] Handling of http status codes 100 & 201-206
- Improved: [ml_plg] Playlist Generator: context menu dialog & other features
- Improved: [ml_pmp] More user-friendly Transcoding options for portable devices
- Improved: [ml_transcode] Added support for <disc> & <discs> in naming scheme
- Improved: [nsutil] Optimized video flip modes
- Improved: [pmp_android/ipod] Added encoder blacklist
- Improved: [ReplayGainAnalysis] Support for more sample rates
- Fixed: DLL load security vulnerability
- Fixed: [enc_lame] Memory leak
- Fixed: [gen_ff] Bookmark corruption via Send To menu in main window songticker
- Fixed: [gen_ml] Empty/Grey ML when restarting Winamp from a minimized state
- Fixed: [gen_ml] Scrolling lag in nav panel with large amount of items
- Fixed: [in_midi] Buffer/Integer overflow issues (thanks: Joakim @ nsense)
- Fixed: [in_mod] Buffer overflow in comment box (MTM security vulnerability)
- Fixed: [in_mkv] Crash when reading a string that was exactly SIZE_MAX bytes
- Fixed: [in_mp3] ID3v1 UI glitch, APEv2 + Lyrics3 tag combo bug, APEv2 tag removal
- Fixed: [in_mp4] Potential crash on getting metadata/albumart from invalid MP4 files
- Fixed: [in_nsv] Integer overflow in allocating memory for metadata
- Fixed: [in_nsv] Integer overflow when parsing TOC (thanks to: C. Eiram, Secunia)
- Fixed: [in_nsv] Video flip mode detection quirks
- Fixed: [ml_local] Arrow direction and sort inconsistencies in 3-pane views
- Fixed: [ml_plg] Playlist Generator crashes and database corruption issues
- Fixed: [ml_pmp] Autofill crash on empty libraries
- Fixed: [ml_playlists] Crash on drag+drop items from one playlist to another
- Fixed: [ml_transcode] Freeze transcoding .cda when using <filename> in scheme
- Fixed: [playlist] Relative pathnames when filename is already relative
- Fixed: [pmp_android/usb] Playlist sync & loading issues
- Fixed: [pmp_android/ipod/usb] Issue with forward slashes in playlist paths
- Fixed: [pmp_usb] Bug when multiple usb devices are connected
- Fixed: [vis_milk2] Unicode issues with fonts & presets editor (5.58-specific)
- Fixed: [vis_milk2] sprites.ini file lookup
- Fixed: [vp6.w5s] Buffer overflow issue
- Misc: More general tweaks, improvements, fixes and optimizations
- Misc: Portables/Devices support now also adds ml_devices.dll & devices.w5s
- Misc: Prompt user whether to move skins/langpacks when changing location
- Misc: Removed Winamp Remote from installer
- Misc: [ml_pmp] Moved 'Podcast Sync' to new tab in portable device options
- Misc: [out_ds] Config now displays 7.1 speakers as '7.1' instead of 'Unknown'
- Updated: Gracenote CDDB/MusicID v2.6.206
- Updated: [gen_jumpex] JTFE v1.2.3
- Updated: [in_vorbis] libogg v1.2.1 & libvorbis v1.3.2
- Updated: [vp8] libvpx v0.9.5
실제 해당 보안 취약점을 이용한 공격이 이루어지기는 어려울 수 있지만, 보안을 위하여 해당 프로그램을 사용하시는 분들은 반드시 최신 버전으로 업데이트를 하시고 이용하시기 바랍니다.
728x90
반응형