Winamp Warning - Tilted Forum Project Discussion Community

zz0011 · 02-01-2006, 02:01 PM

Dudes and dudettes,

I am on the US Cyber Security Alert mailing list. Sometimes they issue some helpful warnings. If you like Winamp, this might be a helpful warning to youse.

So get updating! Ciao!

--------- Forwarded message ----------
From: US-CERT Alerts <alerts@us-cert.gov>
Date: Wed, 1 Feb 2006 15:01:57 -0500
Subject: US-CERT Cyber Security Alert SA06-032A -- Winamp Playlist Vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Cyber Security Alert SA06-032A

Winamp Playlist Vulnerability
Original release date: February 1, 2006
Last revised: --
Source: US-CERT

Systems Affected
* Microsoft Windows systems that have Winamp installed.

Overview
Winamp, a popular media player, has a vulnerability that could allow an attacker to take control of your system. Upgrading to the latest version of Winamp will take care of this vulnerability.

Solution
Install an Update
You can download and install Winamp 5.13 to avoid the vulnerability.

Description
A vulnerability in Winamp 5.12, and possibly in earlier versions, allows an attacker to run malicious code on your system when you open a playlist file. This malicious code could also be embedded in a web page, and could execute, without your knowledge, when you visit a malicious web page or open an HTML document.

For more technical information, see US-CERT Technical Alert TA06-032A.

References
* Winamp Version History -
http://www.winamp.com/player/version_history.php
* US-CERT Technical Cyber Security Alert TA06-032A -
http://www.us-cert.gov/cas/techalerts/TA06-032.html
* US-CERT Vulnerability Note VU#604745 -
http://www.kb.cert.org/vuls/id/604745

The most recent version of this document can be found at:
http://www.us-cert.gov/cas/alerts/SA06-032A.html

Mailing list information:
http://www.us-cert.gov/cas/

Produced 2006 by US-CERT, a government organization.
Terms of use:
http://www.us-cert.gov/legal.html

Revision History
February 5, 2006: Initial release

CSflim · 02-01-2006, 02:16 PM

Thanks for the heads-up. Going to go upgrade now...

meanSpleen · 02-01-2006, 11:43 PM

You know, Winamp asked me to update because of a memory leak... This morning. At least I am updated with a good reason this time, thanks! *signs up for list*

02-01-2006, 02:01 PM	#1 (permalink)
zz0011 Crazy Location: buckle of the snow belt	Winamp Warning Dudes and dudettes, I am on the US Cyber Security Alert mailing list. Sometimes they issue some helpful warnings. If you like Winamp, this might be a helpful warning to youse. So get updating! Ciao! --------- Forwarded message ---------- From: US-CERT Alerts <alerts@us-cert.gov> Date: Wed, 1 Feb 2006 15:01:57 -0500 Subject: US-CERT Cyber Security Alert SA06-032A -- Winamp Playlist Vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Cyber Security Alert SA06-032A Winamp Playlist Vulnerability Original release date: February 1, 2006 Last revised: -- Source: US-CERT Systems Affected * Microsoft Windows systems that have Winamp installed. Overview Winamp, a popular media player, has a vulnerability that could allow an attacker to take control of your system. Upgrading to the latest version of Winamp will take care of this vulnerability. Solution Install an Update You can download and install Winamp 5.13 to avoid the vulnerability. Description A vulnerability in Winamp 5.12, and possibly in earlier versions, allows an attacker to run malicious code on your system when you open a playlist file. This malicious code could also be embedded in a web page, and could execute, without your knowledge, when you visit a malicious web page or open an HTML document. For more technical information, see US-CERT Technical Alert TA06-032A. References * Winamp Version History - http://www.winamp.com/player/version_history.php * US-CERT Technical Cyber Security Alert TA06-032A - http://www.us-cert.gov/cas/techalerts/TA06-032.html * US-CERT Vulnerability Note VU#604745 - http://www.kb.cert.org/vuls/id/604745 The most recent version of this document can be found at: http://www.us-cert.gov/cas/alerts/SA06-032A.html Mailing list information: http://www.us-cert.gov/cas/ Produced 2006 by US-CERT, a government organization. Terms of use: http://www.us-cert.gov/legal.html Revision History February 5, 2006: Initial release __________________ 10th sig ~> "How many a dispute could have been deflated into a single paragraph if the disputants had dared to define their terms?" -- Aristotle

02-01-2006, 02:16 PM	#2 (permalink)
CSflim Sky Piercer Location: Ireland	Thanks for the heads-up. Going to go upgrade now... __________________

02-01-2006, 11:43 PM	#3 (permalink)
meanSpleen Squid hat! Location: A Few Miles Away From Halx	You know, Winamp asked me to update because of a memory leak... This morning. At least I am updated with a good reason this time, thanks! signs up for list __________________ Like TFP? Donate To Keep It Alive!!