That would be straight from the horse’s mouth, so to speak. Secunia issued an extremely critical security bulletin for Winamp. Let me tell you – that rarely happens. Your best bet is to upgrade your Winamp version to the latest – 5.13. The issue concerns boundary errors in playlist handling that cause a buffer overflow and can give a malicious person control of your machine. Here is the complete warning that was issued by Secunia:
Some vulnerabilities have been reported in Winamp, which can be exploited by malicious people to compromise a user’s system.
1) A boundary error during the handling of filenames including a UNC path with a long computer name can be exploited to cause a buffer overflow via a specially crafted playlist containing a filename with an overly long computer name (about 1040 bytes).
NOTE: An exploit is publicly available.
The vulnerability has been confirmed in version 5.12. Other versions may also be affected.
2) A boundary error within the parsing of playlists (.m3u or .pls) can be exploited to cause a stack-based buffer overflow via a playlist containing an overly long, specially crafted filename.
The vulnerability has been reported in version 5.11 and does reportedly not affect prior versions.
The vulnerability is related to vulnerability #1.
3) A boundary error within the parsing of playlists containing a filename with a .wma extension can be exploited to cause a buffer overflow via a specially crafted playlist.
The vulnerability has been reported in version 5.094. Other versions may also be affected.
Successful exploitation of any of the vulnerabilities allows execution of arbitrary code on a user’s system when e.g. a malicious website is visited.
Solution:
Update to version 5.13.
NOTE: Vulnerability #2 was silently fixed in version 5.13. Vulnerability #3 was silently fixed in version 5.11.
(Source: Secunia)
On the TWiT podcast I heard some high-profile saying no one used Winamp, so no one cared. I use Winamp, I care.
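For anyone who cannot upgrade every machine right away, the playlist flaws in the advisory above suggest a simple check on .m3u and .pls files before they reach the player. The following is an added example, not code from Secunia or Winamp; the function names and the two length thresholds are assumptions chosen for illustration, and the sample playlists are constructed.

```python
import re

# Assumed thresholds (not from the advisory): DNS host names are at most
# 255 bytes and the classic Windows MAX_PATH is 260 characters.
MAX_HOST = 255
MAX_PATH = 260

UNC_RE = re.compile(r'^(?:\\\\|//)([^\\/]+)')         # \\host\... or //host/...
URL_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.I)   # http://, mms://, ...
PLS_FILE_RE = re.compile(r'^File\d+=(.*)$', re.I)     # FileN= lines in .pls

def playlist_entries(text):
    """Yield (line_no, entry) for each media reference in .m3u or .pls text."""
    lines = text.splitlines()
    is_pls = any(l.strip().lower() == '[playlist]' for l in lines[:5])
    for no, raw in enumerate(lines, 1):
        line = raw.strip()
        if is_pls:
            m = PLS_FILE_RE.match(line)
            if m:
                yield no, m.group(1).strip()
        elif line and not line.startswith('#'):   # skip #EXTM3U / #EXTINF
            yield no, line

def scan_playlist(text):
    """Return (line_no, reason, length) for entries with abnormal lengths."""
    findings = []
    for no, entry in playlist_entries(text):
        m = UNC_RE.match(entry)
        if m and len(m.group(1)) > MAX_HOST:
            findings.append((no, 'unc-host-too-long', len(m.group(1))))
        elif not URL_RE.match(entry) and len(entry) > MAX_PATH:
            findings.append((no, 'path-too-long', len(entry)))
    return findings

# Constructed sample playlists (filler characters only, no real content).
SAMPLE_M3U = "\n".join([
    "#EXTM3U",
    "#EXTINF:215,Constructed Artist - Track",
    r"C:\Music\track01.mp3",
    r"\\fileserver\share\track02.mp3",
    "\\\\" + "A" * 1040 + r"\share\track03.wma",
    "http://radio.example/stream",
])
SAMPLE_PLS = "\n".join([
    "[playlist]",
    "File1=" + "B" * 300 + ".mp3",
    "Title1=Constructed",
    r"File2=\\nas\music\ok.mp3",
    "NumberOfEntries=2",
])

if __name__ == "__main__":
    for name, text in (("sample.m3u", SAMPLE_M3U), ("sample.pls", SAMPLE_PLS)):
        print(name, scan_playlist(text))
```

A check like this only reduces exposure at a mail or web gateway; the fix remains the update to 5.13.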