Steve, One of the questions that I have not seen answered is whether or not earlier versions of Win Amp are compromised by this problem; what do you think? In other words, does one need to download this patch, if they are using, say, 5.09 or something?
Thanks, Mac Norins ---- Original Message ----- From: "Steve Pattison" <[EMAIL PROTECTED]> To: "PC Audio" <[email protected]>; "Access-L" <[EMAIL PROTECTED]> Sent: Wednesday, February 01, 2006 4:11 AM Subject: Fwd: New Winamp Security Vulnerability >To: [EMAIL PROTECTED] >From: Chipmunks [EMAIL PROTECTED] > >This just came off of a list I'm on. > >Doris > >New Winamp Security Vulnerability > >Tech News: > >Nullsoft has just released an update to Winamp aimed at fixing a serious >security vulnerability that opened up systems to remote attack. > > The company posted version 5.13 of the media player online on Monday >after Secunia and other security companies issued alerts about the problem. >Malicious software exploiting the "extremely critical" flaw was already >circulating on the Internet, according to Secunia's advisory. > > A security researcher by the nickname of Kozan discovered the flaw in > the >Winamp 5.12 that can be exploited to compromise a user's system. Proof of >concept code was published last Sunday. > > An attacker could exploit the flaw through a specially crafted > playlist >file. Upon opening the file, the flaw results in a buffer overflow, >allowing >the attacker to launch applications and take over control of a system. The >vulnerability effectively allows the attacker to turn the computer into a >zombie system or steal data from the system's hard drive. > > Even though the security company gave the vulnerability its highest >rating for software threats, it noted that the number of people who use >Winamp has declined over the years, so the scope of the problem is not as >large as it once might have been. > > "Winamp used to be the world's most popular MP3 player and is still > quite >popular, but as Windows Media Player has gotten better, some users have >migrated over," said Thomas Kristensen, Secunia's chief technology officer, >to CNETnews.com. > > "We aren't aware of any systems that have been compromised yet, but > it's >likely to happen since there's exploit code out," Kristensen said. > > Well, as you can plainly see, nothing is safe anymore. Not even your >music player. So, if you want to keep your system safe, go to >www.winamp.com/player/ >and get the latest Winamp version. Regards Steve Email: [EMAIL PROTECTED] Skype: steve1963 MSN Messenger: [EMAIL PROTECTED] _______________________________________________ PC-Audio List Help, Guidelines, Archives and more... http://www.pc-audio.org To unsubscribe from this list, send a blank email to: [EMAIL PROTECTED] This list is a service of MosenExplosion.com. To see what other lists we offer, visit us on the web at http://www.MosenExplosion.com _______________________________________________ PC-Audio List Help, Guidelines, Archives and more... http://www.pc-audio.org To unsubscribe from this list, send a blank email to: [EMAIL PROTECTED] This list is a service of MosenExplosion.com. To see what other lists we offer, visit us on the web at http://www.MosenExplosion.com
