Winamp plug-in backdoor wide open to viral penetration
But plugged firmly in latest release
Winamp media player users need to update their software following the discovery of multiple security holes, some of which provide a means to distribute malware via booby-trapped media files.
Version 5.6 of the software for Windows fixes a critical integer overflow vulnerability in the the "in_nsv.dll" plug-in library that leaves users exposed to viral attack – provided, of course, that they are first tricked into opening a maliciously constructed stream or media file. The update from developers Nullsoft also addresses a potentially nasty, but probably less easy to exploit, bug involving the handling of midi files. The release also includes a number of performance and stability tweaks.
A release announcement can be found on Nullsoft's forum but details of the security side of the update can more easily be reviewed via an advisory on the bugs by security notification firm Secunia here. ®
Outraged of Tunbridge Wells
Backdoor penetration? But plugged?
This site gets filthier by the day.
"But plugged firmly in latest release"
Before I clicked on the comments link for this article, I thought to myself: "what's the bet the first comment is from someone desparate to tell the world how shit Winamp is these days?"
Thanks at least for keeping it short.