Critical bug found in WinAMP

Status
Not open for further replies.
Julio Franco

Julio Franco

Posts: 9,097   +2,048
Staff member
According to TechWorld, a "highly critical hole" found in the popular media player, WinAMP, can open a window to hackers that only by running Fasttracker 2 ".xm" media files through a malicious website... We recommend upgrading to the latest version of the player inmediately.

It is possible to cause a heap overflow and so run code on the person's system. A ".xm" file is not needed however, as the software runs through all supported files with the same faulty piece of code. This greatly increases the opportunities hackers may have to con someone into clicking a link and so providing them with system access.
 
Umm, does version 5.03 (latest) solve the issue then?

I did not see it in the changelog....
 
According to TechWorld website it does. All previous versions including 2.x are vulnerable.
 
i guess all those people who want to stick with winamp 2.xx will have a really good reason to upgrade to winamp 5.xx. just use the classic winamp 2.xx style skins if you do not like the newer winamp3 style skins.

didou, xmms would be good but most people are running windoze. ;)
 
Wow, Fasttracker is a blast from the past. I used to love tinkering with modules.

On a sad note, guess I'll be looking for a new mp3 player. I had gone back to 2.xx because Winamp 5.x was so bloated and such a hog. Quite a sad day, I've been a loyal user of Winamp since before the first release went public.
 
So unless you are on some shady website and decide to click some audio link they have - you won't get affected right? Seems to me thats easy enough to avoid.

/me sticks with Winamp 5.0superearlyalphaness:
winampalpha.jpg
 
Ok my post above this was made without fully looking into the problem. But upon further investigation it appears my above comment was incorrect. This link explains to me what I didn't read first. But it also contains this important piece of information if you for any number of reasons don't want to upgrade your winamp, and don't use any Fasttracker files.
If for some reason it is impossible to download the updated version of
Winamp, the vendor has informed NGSS that it is possible to disable the
handling of Fasttracker 2 module files by taking the following steps:

1. Right click the Winamp player, go to 'Options' and then to
'Preferences...'.

2. In the new window which loads, go to 'Plug-ins' and 'Input'.

3. Look for the input plug-in items 'Nullsoft Module Decoder' and double
click it to bring up the 'Nullsoft Module Decoder Preferences' window.

4. Select the 'Fasttracker 2' loader and deselect the 'Enabled' checkbox to
the right of the loaders list.

5. Close all of the option windows and return to the main player.
Click to expand...
 
Status
Not open for further replies.

Similar threads

A
Zyxel warns about new critical vulnerabilities found in its NAS devices
Replies
1
Views
242
Vanderlinde
V
A
VMware forced to patch dangerous vulnerabilities in discontinued products
Replies
0
Views
105
Alfonso Maruccia
A
D
Google fixes critical Android flaw that could be exploited to hack your phone remotely
Replies
6
Views
280
envirovore
envirovore

Latest posts

Back