Security update for WinAmp available
Vendor Nullsoft has released an update that eliminates the vulnerability in the WinAmp multimedia player when dealing with MP4 files published last week. This replaces the vulnerable in_mp4.dll library in which the critical buffer overflow can occur. The next version of WinAmp, version 5.35, should also be free of the bug - although no release date for the new version has yet been given.
We have so far been unable to discover any official announcement of the update by the vendor. Although no MP4 files exploiting the vulnerability have yet been detected, users are recommended to install the update as soon as possible.
- Winamp 5.34 Released (plus 5.34a security patch) forum entry on the update
- Download the update from Nullsoft