Tuesday, January 31, 2006

WinAmp Security Flaw Upgrade Fix Available

WinAmp has a major security flaw. The new version, 5.13, of Winamp, an MP3 and multimedia player used worldwide, is now available. As the new version fixes a critical security flaw, we recommend Winamp users install this update immediately.

The vulnerability lies in a buffer overflow, which occurs when processing over-long .PLS file names. This flaw could allow a remote user to run arbitrary code and therefore, compromise the security of affected systems.

What's more, an exploit (*) has been published, which increases the risk of attacks that take advantage of this vulnerability.

The vulnerability has been confirmed in Winamp 5.12, but previous versions could also be affected. Users of Winamp are advised to install version 5.13, which is available at: http://www.winamp.com/player/

(*) Exploit: technique or program that exploits a security flaw- a vulnerability- in a certain communication protocol, operating system or IT tool.