Winamp plug-in backdoor wide open to viral penetration
But plugged firmly in latest release
Winamp media player users need to update their software following the discovery of multiple security holes, some of which provide a means to distribute malware via booby-trapped media files.
Version 5.6 of the software for Windows fixes a critical integer overflow vulnerability in the the "in_nsv.dll" plug-in library that leaves users exposed to viral attack – provided, of course, that they are first tricked into opening a maliciously constructed stream or media file. The update from developers Nullsoft also addresses a potentially nasty, but probably less easy to exploit, bug involving the handling of midi files. The release also includes a number of performance and stability tweaks.
A release announcement can be found on Nullsoft's forum but details of the security side of the update can more easily be reviewed via an advisory on the bugs by security notification firm Secunia here. ®