Winamp Security Exploit Advisory

[SDK]

After Winzip, Quicktime, it's now the time for Winamp!! The version affect are from 2.91 to 5.02.

We have patched several moderate risk security exploits affecting all previous versions of Winamp. We recommend that all users of Winamp upgrade to the version 5.03 to protect against this vulnerability.

This vulnerability may be exploited in situations when a user navigates to a specially crafted web page containing a malicious .XM, .MOD, or .MIDI file and Winamp is set as the default player for these file types.

Click here (http://winamp.com/player/) to download the latest version of the Winamp player that will protect you from this exploit.

If you are a Winamp 2 user and wish to upgrade without all the bells and whistles of Winamp 5, please upgrade to Winamp 5.03 Standard and simply deselect the following components:

Modern Skin Support
User Interface Extensions
Video File Support
Please direct all inquries regarding this issue to Jonathan Ward

Thanks!

- Steve Gedikian, Stand-in Spokesman

Source and Advisory : http://www.winamp.com/about/article.php?aid=10565

[sun7dots]

IMHO if (for any reason) you don't want to upgrade or simply you can't, you can still secure your winamp. Open winamp options->preferences->input->nullsoft module decoder and disable fasttracker 2 module. Of course - because of this some files won't play but IMHO most of users won't even notice