Hackers have created an exploit targeting a serious security vulnerability in Winamp, the popular media player. Users are strongly urged to update their software to Winamp version 5.13 to guard against attack.

A remotely exploitable buffer overflow bug in version 5.12 of Winamp creates a means for hackers to take over machines running the vulnerable software, providing they can trick users into visiting maliciously constructed websites. A malformed playlist file, containing a filename starting with an overly long computer name, would be automatically downloaded and opened in Winamp because of the security bug. Winamp version 5.12 is confirmed as vulnerable and older versions may also be susceptible to attack. ®

Related stories

• Winamp blighted by bug brace (21 January 2008)

  https://www.theregister.com/2008/01/21/winamp_vuln/

• IE + RealPlayer = Security hole (20 October 2007)

  https://www.theregister.com/2007/10/20/realplayer_vuln/

• Poisoned MP4 files threaten Winamp users (2 May 2007)

  https://www.theregister.com/2007/05/02/winamp_0-day/

• Warning: critical Winamp vuln (25 November 2004)

  https://www.theregister.com/2004/11/25/winamp_vuln/

• AOL axes Nullsoft - whither Winamp, Shoutcast? (11 November 2004)

  https://www.theregister.com/2004/11/11/aol_axes_nullsoft/

• WinAmp flayed by skins attack (26 August 2004)

  https://www.theregister.com/2004/08/26/winamp_brown_alert/