When music becomes dangerous


No, I'm not talking about the idiots over at RIAA that sue everyone who dares download an .mp3 or unlicensed piece of music.

I'm talking about the very popular WinAmp player, which seems to have a bug that could allow people with less-than-good intentions to run code on your machine. Is it a dangerous exploit?

Both NGSSoftware (the people who discovered the bug) and NullSoft (the creators of WinAmp) classify it as Highly Critical/High Risk. Combine that with the fact that there have been tens of millions of downloads of WinAmp and yes... you could say it could be a problem.

A new version is up for download: WinAmp 5.03.

If you don't feel like upgrading to the patched 5.03 version, follow the NGSSoftware instructions on how to disable the plugin that contains the bug.


Aargh, and I won't have access to my PC for a few more weeks >.<

Ah well, at least I won't be using WinAmp then either haha. Thanks for informing us ServMe... you saved the world from another threat. ;-)

Erm... that's exactly the problem, Nadia. You don't have to "use" WinAmp to be vulnerable. If you've got it installed, and you end up at a website that requests WinAmp to open a Fasttracker 2 (.xm) mod media file (and such a thing can be coded invisibly on a site, or be triggered to load when the page loads), it'll make WinAmp load the in_mod.dll library, which has a problem with boundary checking - leaving the "attacker" read and write access to the memory stack, and thus also able to execute code in the security context of the logged-on user.

Jess! Stay away from my computer!! lol just kidding....

It was actually in the newspapers today, but I can't even use my PC here so I still think I'm fairly safe... and of course I'll update the thing as soon as I get back home.

I mean "upgrade" ... *mumbles something about computers and language*


About this Entry

This page contains a single entry by ServMe published on April 6, 2004 1:21 AM.
