Slashdot Mirror


WinAmp Security Hole Discovered, Patched

Sbarbero writes "According to Techworld.com, a significant security hole has been discovered in NullSoft's WinAmp, meaning everyone should upgrade to the 5.03 version the makers have just put out right now. Security company NGS has found that the exploit 'can be activated remotely simply by rendering a specially crafted html document' and will run arbitrary code - they have a full advisory on their site." Oddly enough, the vulnerability is in the playback for the classic .XM 'tracker' music format.

3 of 393 comments (clear)

  1. WinAmp Use by Eberlin · · Score: 5, Interesting

    Is WinAmp the free multimedia player of choice for Windows users? I know we've always talked about how Windows Media Player is eeeevil and RealPlayer is spyware. Where does WinAmp kick in? Does it do video or is it just a music thing? (like a free alternative to MusicMatch Jukebox or whatnot) It has been ages since I've follwed up (as a Linuxer I go between noatun and xmms)

    Basically, I guess the question is how to make a strong case for WinAmp use. I already sing the praises of Firefox and recommend OpenOffice to folks who don't want/can't shell out $$ for MS Office. I recommend AVG as a free virus-scanner. Same with ZoneAlarm, Spybot S&D, and Ad-Aware. What winning argument do I use to say "use WinAmp instead of..." to Windows users who ask?

  2. Wow by GarfBond · · Score: 5, Interesting

    I can't believe people are actually complaining about winamp bloat. Winamp has been one of the better examples of not-bloat. Sure, 5 is worse than 2, but it's better than 3, and much of the CPU-hogging goes away when you go back to classic skins. For me, the enqueue function makes it well worth it.

    I think the only way you can get less bloated is if you used something like mpg123. XMMS is a winamp-clone on linux anyway.

  3. Mikamp module by execom · · Score: 5, Interesting

    If I remember, Winamp uses a modified version of Mikmod, a well known module player, which is also available in some Linux distro.

    Will this bug be updated in mikmod as well ?

    I hope that one day, Winamp will drop Mikamp and use Modplug instead, which sources has been released and it the best player on Win32 (mikmod sounds horrible on Windows, and is buggy).

    Also modplug plays more formats and is better, although is win32 only;

    --
    I need a Sino-Logic 16. Sogo-7 data-gloves, a GPL stealth module...