Winamp update closes security holes
The developers at Nullsoft, a division of AOL Music, have released version 5.623 of their Winamp media player for Windows to fix several bugs and close three security holes found in previous builds. According to security specialist Secunia, the new update addresses a total of three vulnerabilities, rated as "highly critical", that could be exploited to compromise a victim's system.
These include two integer overflow errors in the in_avi.dll plug-in and an issue in the in_mod.dll plug-in that could lead to a heap-based buffer overflow and the execution of arbitrary code. For an attack to be successful, a victim must first open a specially crafted file. The problems have been confirmed in version 5.622; other builds may also be affected.
Further information about the update, including details of other non-security bug fixes and download links, can be found in the forum release announcement. At the time of writing, the official download page and the version history still list Winamp 5.622 as the current stable release.
- Winamp AVI / IT File Processing Vulnerabilities, security advisory from Secunia.