Feeds

WinAmp flayed by skins attack

Exploit circulating for unpatched vuln

  • alert
  • submit to reddit

Build a business case: developing custom apps

Updated A serious security flaw in NullSoft's popular WinAmp player opens the door for crackers to seize control of vulnerable systems.

The vulnerability stems from a flaw in how the player processes Winamp skin zip files. This flaw means WinAmp users induced to visit a maliciously constructed website could find their PCs rooted. The vulnerability has been confirmed on a fully patched system with WinAmp 5.04 using Internet Explorer 6.0 on Microsoft Windows XP SP1. WinAmp 3.x users are also potentially in peril. And that's not the worst of it. The bug, reported by the K-OTik.COM Security Survey Team, is reportedly being actively exploited in the wild.

Update - 31 Aug

Nullsoft has released an updated version of Winamp that addresses the vulnerability. You can download Wainamp version 5.5 here. ®

Related stories

XP audio vuln shout goes out
WinAmp's malicious MP3 vuln
Unholy trio of RealOne Player holes unearthed
CERT recommends anything but IE

Next gen security for virtualised datacentres

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Scale data protection with your virtual environment
To scale at the rate of virtualization growth, data protection solutions need to adopt new capabilities and simplify current features.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?