Slashdot Mirror


WinAmp Security Hole Discovered, Patched

Sbarbero writes "According to Techworld.com, a significant security hole has been discovered in NullSoft's WinAmp, meaning everyone should upgrade to the 5.03 version the makers have just put out right now. Security company NGS has found that the exploit 'can be activated remotely simply by rendering a specially crafted html document' and will run arbitrary code - they have a full advisory on their site." Oddly enough, the vulnerability is in the playback for the classic .XM 'tracker' music format.

5 of 393 comments (clear)

  1. Thank goodness by ackthpt · · Score: 5, Funny
    Thank goodness I don't listen to music/radio on my computer. You never know where such a thing could lead to.

    Hi from Napster! We've been tracking your listening habits and suggest the following music...Barry Manilow, Air Supply, Leo Sayer. If you act now and buy, we won't tell your friends or neighbors.

    --

    A feeling of having made the same mistake before: Deja Foobar
  2. Damnit! by teamhasnoi · · Score: 5, Funny
    When is the Mac version of this exploit coming out?

    I am so tired of waiting.

    1. Re:Damnit! by blixel · · Score: 4, Funny

      When is the Mac version of this exploit coming out?

      Doesn't matter. No one will be able to afford it.

  3. Re:Where's my patched 2.9x? by Doesn't_Comment_Code · · Score: 4, Funny

    bloated POS Winamp 5 player

    You know your media player is too big when all the eye candy slows your older computers to the point they can't play mp3's without choking.

    --

    Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
  4. Third Party Software Sucks by Mordack · · Score: 5, Funny

    Crap like this is why you should never use third party software like Winamp. Stick with Microsofts line of quality products and you'll be safe.

    Seriously, just look at the time it took to fix this bug. I could almost read the entire headline before the fix. The bug took as long to fix as to read the comma between "Discovered" and "Patched". I expect better from Third Party software.

    Until Third Party software is able to show they care about their products I can only recommend that you stick with 100% Microsoft Approved Solutions.

    --
    I don't need no stinkin' sig!