Critical bug found in WinAMP

By Julio Franco
Apr 6, 2004
Topic Status:
Not open for further replies.
  1. According to TechWorld, a "highly critical hole" found in the popular media player, WinAMP, can open a window to hackers that only by running Fasttracker 2 ".xm" media files through a malicious website... We recommend upgrading to the latest version of the player inmediately.

    It is possible to cause a heap overflow and so run code on the person's system. A ".xm" file is not needed however, as the software runs through all supported files with the same faulty piece of code. This greatly increases the opportunities hackers may have to con someone into clicking a link and so providing them with system access.
  2. Per Hansson

    Per Hansson TS Server Guru Posts: 1,930   +123 Staff Member

    Umm, does version 5.03 (latest) solve the issue then?

    I did not see it in the changelog....
  3. Julio Franco

    Julio Franco TechSpot Editor Topic Starter Posts: 6,520   +311

    According to TechWorld website it does. All previous versions including 2.x are vulnerable.
  4. Didou

    Didou Bowtie extraordinair! Posts: 5,899

  5. BrownPaper

    BrownPaper Newcomer, in training Posts: 467

    i guess all those people who want to stick with winamp 2.xx will have a really good reason to upgrade to winamp 5.xx. just use the classic winamp 2.xx style skins if you do not like the newer winamp3 style skins.

    didou, xmms would be good but most people are running windoze. ;)
  6. StormBringer

    StormBringer Newcomer, in training Posts: 2,871

    Wow, Fasttracker is a blast from the past. I used to love tinkering with modules.

    On a sad note, guess I'll be looking for a new mp3 player. I had gone back to 2.xx because Winamp 5.x was so bloated and such a hog. Quite a sad day, I've been a loyal user of Winamp since before the first release went public.
  7. SNGX1275

    SNGX1275 TS Forces Special Posts: 12,458   +288

    So unless you are on some shady website and decide to click some audio link they have - you won't get affected right? Seems to me thats easy enough to avoid.

    /me sticks with Winamp 5.0superearlyalphaness:
    [​IMG]
  8. SNGX1275

    SNGX1275 TS Forces Special Posts: 12,458   +288

    Ok my post above this was made without fully looking into the problem. But upon further investigation it appears my above comment was incorrect. This link explains to me what I didn't read first. But it also contains this important piece of information if you for any number of reasons don't want to upgrade your winamp, and don't use any Fasttracker files.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.