Nullsoft Fixes Critical Winamp Bug
Nullsoft late Monday fixed a critical flaw in its flagship Winamp music player that could have allowed attackers to grab control of PCs.
Nullsoft late Monday fixed a critical flaw in its flagship Winamp music player that could have allowed attackers to grab control of PCs simply by duping people into downloading a playlist.
The fix, dubbed Winamp 5.13, can be downloaded from the Nullsoft Web site.
Alternately, users can download only the affected DLL -- "in_mp3.dll" -- from here, and place it in the Winamp\Plugins folder.
Various security firms raised alerts on Monday to warn Winamp users, with one -- Danish company Secunia -- tagging it with its highest threat level, "Extremely critical."
A moderator on a Nullsoft message board said Monday that the patched DLL would be included in the next public releases of Winamp 5.2 beta, "hopefully today." The most recent build of the beta on the Nullsoft site, marked "365," was posted prior to the vulnerability's discovery, however.
About the Author
You May Also Like
2024 InformationWeek US IT Salary Report
Aug 15, 20242024 InformationWeek US IT Salary Report
May 29, 20242022 State of ITOps and SecOps
Jun 21, 2022