Neil Turner's Blog

Blogging about technology and randomness since 2002

Security flaw in Winamp

A flaw in Winamp 3.x and 5.x means that if you were to install a specially-crafted skin, it could cause arbitrary code execution. Secunia has released a security advisory about this and described it as “extremely critical”, as reportedly a spyware program is already using it as a method of infection (because, you know, viruses are so passe now – spyware is where it’s at). Often, skins will open automatically in Winamp when clicked upon from within a web browser so it’s possible that code could install without user intervention.

Winamp Unlimited has this entry with details of the flaw and what Nullsoft are going to do about it. It’s likely that a new release – 5.04a or 5.05 – will arrive soon with a fix for this and other small bugs. In the meantime, here’s an interim fix. It seems like Winamp 2.x isn’t affected by this.

Update: Winamp 5.05 is out, which corrects the flaw. Download it now or read the official security bulletin.

One Comment

  1. Tee hee – some people said I was daft for sticking with Winamp 2.8 but it does everything I need it to, I’ve got a skin on there I love (it’s a Buffy skin, natch!) and I don’t feel the need to upgrade for a load of features I don’t need. Seems I was sensible now! 😀