In association with heise online

30 November 2010, 15:40

Nullsoft closes multiple Winamp vulnerabilities

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Winamp Logo The Nullsoft developers have released version 5.6 of their Winamp media player, adding a number of new features and addressing multiple security vulnerabilities. According to security specialist Secunia, the latest stable update fixes two "highly critical" bugs in the software that could be exploited by an attacker to compromise a user's system.

An integer overflow issue exists in the "in_nsv.dll" plug-in that can be exploited to cause a heap-based buffer overflow, possibly leading to the execution of arbitrary code on a victim's system. For an attack to be successful, a victim must first open a specially crafted stream or file. Additionally, the update fixes a second integer overflow in "in_midi" that could lead to buffer overflows.

Further information about the update can be found in the release announcement post on the Winamp Forums and in the change log. Winamp 5.6, Build 3080 (, is available to download for Windows. All users are advised to upgrade to the latest release as soon as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit