Winamp media player users need to update their software following the discovery of multiple security holes, some of which provide a means to distribute malware via booby-trapped media files.

Version 5.6 of the software for Windows fixes a critical integer overflow vulnerability in the the "in_nsv.dll" plug-in library that leaves users exposed to viral attack – provided, of course, that they are first tricked into opening a maliciously constructed stream or media file. The update from developers Nullsoft also addresses a potentially nasty, but probably less easy to exploit, bug involving the handling of midi files. The release also includes a number of performance and stability tweaks.

A release announcement can be found on Nullsoft's forum but details of the security side of the update can more easily be reviewed via an advisory on the bugs by security notification firm Secunia here. ®

Related stories

• Winamp mends trio of old-school security holes (13 December 2011)
• Winamp advises forum password reset after mystery hack (16 February 2011)
• Windows malware dominates Mac malware detection chart (18 November 2010)
• WinAmp update fades out critical media player flaws (21 December 2009)
• Winamp blighted by bug brace (21 January 2008)
• AOL plays nice, pays developers (24 December 2007)
• Poisoned MP4 files threaten Winamp users (2 May 2007)