WARNING: Extremely Critical Winamp vulnerability discovered

**HavoX** · 25th November 2004, 07:22 PM

props to The Register for this report:
[blockquote]

Security researchers are warning of a serious - and unfixed - security hole with the popular Winamp media player.

A remotely exploitable stack based buffer overflow creates a means for hackers to take over machines running Winamp- providing they can trick users into running maliciously constructed files. For example, a malformed .m3u playlist file, hosted on a web site, would be automatically downloaded and opened in Winamp without any user interaction. The vulnerability, discovered by pen testers at Security-Assessment.com, arises from a buffer overflow in library file (called IN_CDDA.dll) used by Winamp.

The vulnerability has been reported in version 5.05 and confirmed in version 5.06. Prior versions might also be affected, security firm Secunia warns. A proof of concept exploit was released yesterday by security outfit K-OTik. K-otik advises users to uninstall Winamp or at the very least disassociate .cda and .m3u extensions from Winamp until the bug is fixed.

[/blockquote]

**Ice Rabbit** · 25th November 2004, 07:41 PM

Ouch. I never used Winamp, I really don't use media players much. If this proves too much, I'll wait until a safer version is released for free.

**RedStarWarrior** · 25th November 2004, 08:46 PM

Heh, I will continue to use Winamp. I don't have any files run on my system without my express permission. This security vulnerability doesn't really seem that harmful to me.

**Moonlight Espeon** · 26th November 2004, 03:54 PM

I don't use Winamp anyway, and here's a nother reason not to do so again. I always use Windows Media Player now. I think Winamp sucks anyway, WMP is like the only program that Microsoft can make correctly.

**HavoX** · 26th November 2004, 06:33 PM

[blockquote]

Moonlight Espeon said:
WMP is like the only program that Microsoft can make correctly.

[/blockquote]don't forget that they're the masterminds behind the award-winning Halo series (I have not and do not plan on playing Halo)

**kainashi** · 28th November 2004, 12:19 AM

oh dear. hope it's fixed soon.

**kainashi** · 2nd December 2004, 02:29 PM

winamp 5.07 released

awesome. :monocle: should be on the front page of winamp.com soon.

Thread: WARNING: Extremely Critical Winamp vulnerability discovered

Thread Tools

Display