Serious Winamp flaw gets fix

By Dawn Kawamoto
Staff Writer, CNET News

Last modified: January 30, 2006 3:56 PM PST

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
- Google
- Newsvine
- Yahoo! Bookmarks
- Twitter
- Stumbleupon
E-mail
Print

Related Stories: Playlists could be WinAmp hack
November 24, 2004; Flaws found in Windows-based media players
October 28, 2004; Digital attacks on Winamp use 'skins' for camouflage
August 25, 2004

Nullsoft has released an update to Winamp to fix a serious security vulnerability that opened up systems to remote attack.

The company posted version 5.13 of the media player online on Monday after Secunia and other security companies issued alerts about the problem. Malicious software exploiting the "extremely critical" flaw was already circulating on the Internet, according to Secunia's advisory.

The security hole, found in the latest version of Winamp 5.12, could lead to malicious attackers taking remote control of a Winamp user's system. Earlier versions of the media player may also be affected, Secunia said.

Even though the security company gave the vulnerability its highest rating for software threats, it noted that the number of people who use Winamp has declined over the years, so the scope of the problem is not as large as it once might have been.

"Winamp used to be the world's most popular MP3 player and is still quite popular, but as Windows Media Player has gotten better, some users have migrated over," said Thomas Kristensen, Secunia's chief technology officer.

The vulnerability could be exploited when a Winamp user visits a malicious Web site and a tainted media file is launched onto the person's system. A buffer overflow is triggered, which allows the attacker to take control of the computer without being constrained by security measures, Kristensen noted.

"We aren't aware of any systems that have been compromised yet, but it's likely to happen since there's exploit code out," Kristensen said.

Nullsoft, a division of America Online, is urging people to download the updated media player from the Winamp Web site. "Users attempting to launch the v. 5.12 player will be prompted with a pop-up message alerting them to upgrade to the secure Winamp v 5.13," AOL said.

The vulnerability, initially discovered by Atmaca, is not the first to be found in the Winamp software. In late 2004, a highly critical flaw was found in the playlist files for the Winamp player.

See more CNET content tagged:
Winamp, NullSoft, media player, flaw, vulnerability

Add a Comment (Log in or register) 11 comments

Damn...
by January 30, 2006 10:02 AM PST: There they go again hogging all the headlines. First they stop
supporting the Mac platform with Windows Media Player and it has
a security problem immediately. MicroSoft sucks up all the glory
and now they have done it again a week or two later.

MicroSoft will do anything for headlines.; Reply to this comment View reply
Processing

Fix available.
by katamari January 30, 2006 11:41 AM PST: http://forums.winamp.com/showthread.php?threadid=236740; Reply to this comment

Winamp losses not just due to WMP
by ddesy January 30, 2006 12:42 PM PST: I hate to break it to people, but Winamp hasn't just declined in popularity due to WMP. For me and a fair number of others, it is because the new versions are just more bloated and are made to try to get you to buy a better version! I still use pre-3.0 versions of Winamp.; Reply to this comment View reply
Processing

its just like the jpg hole...........
by freq January 30, 2006 1:37 PM PST: my hunch is that all major streaming platforms are severly affected. weird packets can cause buffer overflows.... and open acceess to the gui framworks... GTK in particular I think...
and not only is your work stolen but your brain is washed as well.... anyone listen to the voice-overs lately on frisky and proton?!?

the max headroom 1984 theme has got to stop!; Reply to this comment

Fix Is Now Available
by annanemas January 30, 2006 3:35 PM PST: New fixed version 5.13 has been released now and you can download it from the winamp.com web site.; Reply to this comment View reply
Processing

Latest tech news headlines

Ellison's mantra: Spend, baby, spend
Posted in Coop's Corner by Charles Cooper

October 10, 2008 4:13 PM PDT
President signs broadband data collection bill
Posted in News - Politics and Law by Stephanie Condon

October 10, 2008 3:59 PM PDT
Microsoft to announce Silverlight 2.0 on Monday
Posted in Beyond Binary by Ina Fried

October 10, 2008 3:43 PM PDT
See all headlines

Resource center from News.com sponsors

You Need The Speed of Norton 2009

Introducing Norton Internet Security™2009

With one-click, one-minute install, under 8MB of memory usage and fewer, shorter scans, it's the fastest security suite anywhere. Norton. Smart Security, Engineered for Speed. Get a FREE trial today!

The Fastest Security Suite Anywhere

Experience the revolutionary Norton Internet Security™ 2009. With Norton™ Insight, a new feature, you get precision security that targets only at risk files for fewer, faster, shorter scans

Win a Trip to Space!*

Enter the Blast Off with Norton Sweepstakes for your shot at a trip to space. You could experience being fast and weightless, just like the new Norton 2009. *No purchase necessary; click for full details.

FREE Trial!

Act now to get your FREE trial of Norton Internet Security 2009. Try it for the protection. Love it for the speed

Norton Safe Web NEW!

A community-based system that rates web site safety

Norton Labs NEW!

Users can download new security technologies and share input directly with developers. Help us shape our future products!

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

News - Business Tech
Week in review: Tech stocks tumble
Of course it wasn't just technology stocks that took a dive this week, but industry leaders are doing some serious worrying about what lies ahead.
Gallery
Photos: Cracking open Apple's revamped iPod Nano
News - Apple
Apple, eBay stocks rise as Dow goes on wild ride
Two notable technology stocks swam against the tide Friday, with shares rising in the positive territory for most of the day.
Coop's Corner
Ellison's mantra: Spend, baby, spend
It may be hell out there but Oracle's chief tells shareholders the company still intends to shop for more acquisitons.
Video
Sprint launches Xohm WiMax
News - Digital Media
YouTube beams up 'Star Trek' for long-form video
YouTube gets Beverly Hills 90210, MacGyver, and Star Trek in a test of longer-form video that's theatrically presented and interrupted by ads.
Video
Talking with Newt Gingrich on tech, bailout
News - Politics and Law
President signs broadband data collection bill
The Broadband Data Act encourages wider collection of information regarding nationwide access to broadband.
News - Cutting Edge
Academics sink teeth into Yahoo search service
Yahoo hopes its Build Your Own Search Service program has piqued the interest of academic researchers. Next stop: start-ups.
Gallery
Photos: Messenger returns to Mercury
Crave
Ubiquitous Netbooks, a cheap Acer, and WiMax cometh: The week in laptops
Netbooks are everywhere (still), this time from Asus and MSI. Also, more cheap laptops and Best Buy's Blue Label. It's the week in laptops!
Green Tech
Urban wind power inspired by ancient Persia
The shape of urban wind power continues to morph. The latest twist come from Windation, a company with a design inspired by centuries-old "wind catchers."