Nullsoft has released a fixed version 5.13 now. Internet Storm Center
shared the information last night at
http://isc.sans.org/diary.php?storyid=1080
An official download link is
http://www.winamp.com/player/
- Juha-Matti
You can disable auto launching Winamp for playlist files as a workaround.
For Firefox, go to Tools / Options settings, click on Download icon, then
click on View Edit Actions... Scroll down to M3U extension and then
push the Remove Action button. Firefox will no longer automatically
launch firefox for Winamp playlist files.
It is a good idea in general for attack surface reduction to trim down the
View Edit actions to just the ones you need. Do you really need AIFF and
AU autolaunching for instance? What about all those Quicktime and Acrobat
formats? Looks like a lot of unnecessary attack surface to me.
For IE you need to disable the file type in Windows Explorer. Go to Tools
/ Folder Options / File Types. Scroll down to the file extension you want
to change. In this case its M3U. Check Confirm after download. You will
be prompted to launch WinAmp if a M3U file is downloaded. You can remove
the file type completely but that will also remove the ability to
double-click to launch playlists from the Windows shell.
You may want to go through this list and check confirm after download for
many file types. It would be nice if more vendors installed their file
types with this option in place.
-Chris
