Dudes and dudettes,
I am on the US Cyber Security Alert mailing list. Sometimes they issue some helpful warnings. If you like Winamp, this might be a helpful warning to youse.
So get updating! Ciao!
--------- Forwarded message ----------
From: US-CERT Alerts <alerts@us-cert.gov>
Date: Wed, 1 Feb 2006 15:01:57 -0500
Subject: US-CERT Cyber Security Alert SA06-032A -- Winamp Playlist Vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Cyber Security Alert SA06-032A
Winamp Playlist Vulnerability
Original release date: February 1, 2006
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows systems that have Winamp installed.
Overview
Winamp, a popular media player, has a vulnerability that could allow an attacker to take control of your system. Upgrading to the latest version of Winamp will take care of this vulnerability.
Solution
Install an Update
You can download and install Winamp 5.13 to avoid the vulnerability.
Description
A vulnerability in Winamp 5.12, and possibly in earlier versions, allows an attacker to run malicious code on your system when you open a playlist file. This malicious code could also be embedded in a web page, and could execute, without your knowledge, when you visit a malicious web page or open an HTML document.
For more technical information, see US-CERT Technical Alert TA06-032A.
References
* Winamp Version History -
http://www.winamp.com/player/version_history.php
* US-CERT Technical Cyber Security Alert TA06-032A -
http://www.us-cert.gov/cas/techalerts/TA06-032.html
* US-CERT Vulnerability Note VU#604745 -
http://www.kb.cert.org/vuls/id/604745
The most recent version of this document can be found at:
http://www.us-cert.gov/cas/alerts/SA06-032A.html
Mailing list information:
http://www.us-cert.gov/cas/
Produced 2006 by US-CERT, a government organization.
Terms of use:
http://www.us-cert.gov/legal.html
Revision History
February 5, 2006: Initial release