Old 27th October 2004, 14:59   #1
Mykeknauff
Junior Member
 
Join Date: Oct 2004
Posts: 3
Winamp 3 - 5.04 Security Flaw

Can somebody explain what exactly the critical security flaw in winamp 3 is? I keep getting a message about it when I open up Winamp
Mykeknauff is offline  
Old 27th October 2004, 15:23   #2
JonnyMac
Moderator
 
JonnyMac's Avatar
 
Join Date: Dec 2000
Posts: 14,380
Winamp.com - Winamp Security Bulletin
Winamp Unlimited - Security Exploit Advisory

It is strongly advised to upgrade.

Please do not PM me for tech support. Any request for tech support through PM will be ignored.
Read the Stickies
---> | | | | <--- Knowledge is power
JonnyMac is offline  
Old 27th October 2004, 15:44   #3
JonnyMac
Moderator
 
JonnyMac's Avatar
 
Join Date: Dec 2000
Posts: 14,380
Addendum - Guide to "sidegrading" from Winamp3 to Winamp 5

Guide to "sidegrading" from Winamp3 to Winamp 5


Apparently you are using Winamp3. Incase you have any questions about switching from WA3 to WA 5...

Winamp 5 is the upgrade/continuation of Winamp 2. Winamp3 was built from the ground up as a new Winamp. It was forced into a early release and was not met by great admiration. Eventually that lead to WA3's demise. The demand for Winamp3 may have died, but the demand for free form (AKA modern) skins did not. To answer the demand, a plug-in was added to Winamp 2 that supported WA3 style (free from, modern) skins. Winamp 2 was renamed Winamp 5 (Winamp 2 + Winamp3 skin support = Winamp 5). Only Winamp 5 Full, Bundle or Pro have modern skin support.

Be sure not to install WA 5 over the WA3 directory/folder. Because WA3 and WA 5 are two different media players, installing WA 5 of WA3 can cause problems. Also, you don't need to install the Pro package if you don't want to.

Near the end of the installation process you will be asked if you want to “Upgrade the Winamp3 install to Winamp 5.x and migrate the skins to Winamp 5.x?”

If you want to keep separate Winamp3 and Winamp 5 installations select NO. If you are sure you no longer want to use Winamp3 and want to "upgrade" to Winamp 5 select YES. Note: Selecting Yes will remove the default installation files of Winamp3 and the modern skin files (.wal) will be moved to the Winamp5 directory. What to select is up to you, however IMHO I would suggest selecting NO. That way until you learn your way around WA 5, you still have WA3 to fallback on. See screenshot/attachment: WA3toWA_5

The following is a list of various WA3 features and how to find, apply or add them
in WA 5.

Auto-Play at Startup
Try the Time Restore & Autoplay plug-in. APaS on steroids. (updated version v2.06)

Components and Add-Ons/SkinMods
Sorry, WA3 components (WA3 "plug-ins") and Add-Ons/SkinMods (individual skin scripts) are not compatible with WA 5.

Control Menu
Now called the 'Widow Settings' menu and is available in Winamp's main menu. Also available by pressing the Control Menu button or title bar icon/button for any modern skin that has it. Also, as with Winamp3, Ctrl+'Right Click' is a shortcut to the Window Settings menu. As only modern skins support opacity and scaling, the Windows Settings (AKA Control) menu is not available to classic skins.

Cross-Fade
Cross-fade is built in to the DirectSound output plug-in...
  1. Ctrl+P
  2. Plug-ins > Output
  3. double click 'DirectSound output'
  4. Fading tab
  5. click on the various fade options of choice and click Enabled
  6. close out of Preferences
The fade button(s) in the Modern skins control the 'on end of song' option . For classic skins or mod skin without fade controls, try the NxS XFade control plug-in (alternate download).

Learn Button
The learn button was an auto-gain/normalize feature incorporated about the time of WA3’s demise. As of Winamp 5.3, there is an optional global ReplayGain (auto-gain/normalize) feature. However, the learn button on the old Winamp3 skins does not work with Winamp 5's Replay Gain feature. Info in using WA 5 Replay Gain...
...&bull; Winamp Tutorial: Automatic Volume Leveling in Winamp with Replay Gain
...&bull; Winamp Help > General Preferences: Playback > Replay Gain

Playlist Management
B4S Playlists

Pertains to WA versions prior to 5.22. Native B4S support for WA 5 was implemented as of 5.22.

If you saved Winamp3 playlist(s) as .B4S files they can not be natively read by pre 5.22 versions of Winamp. To use WA3's .B4S playlists you will need one or both of the following plug-ins...Enqueue/Dequeue
WA 5 Full, Bundle or Pro does have enqueue function like WA3. It is part of the JTFE plug-in. In the playlist with the selection(s) highlighted Q = enueue and Shift+C = dequeue. The options can also be place on the right click menu. (Ctrl+P > General Preferences > Jump to File > Menu and Buttons tab). You can also use the Jump To Filebox (J or F3) to enqueue/dequeue.

Loaded Playlists/Sidecar/Multi Playlists
WA3's playlist sidecar (loaded playlists) was not a feature of WA 2 and thus not a native feature in WA 5.

You can have multiple playlists in the Media Library. In the playlist editor you can switch between the ML playlists by...
Click Manage Playlist (or List) button (right click if using a classic skin) > select "Open playlists from Media Library"

However, don't get too disappointed. As of Winamp 5.5 there is a WA3 style multi-playlists sidecar style feature. It is part of the new default Bento modern skin. It is available in the multi-content panel (top middle panel) and it is called 'Stored Playlists' There is also one available for the Winamp Modern skin (via a download). The "sidecar" uses the ML playlists. The Modern Default skin sidecar is available for download via the Winamp 5 Essentials Pack.

Quick Selection Box - Playlist Search Bar
Press The F3 or J key to bring up a highly functional Jump To (search) Box. Winamp Full (free), Bundle (free) or Pro supports additional Jump To box functions.

Remove Duplicates
With WA 5 Full (free), Bundle (free) or Pro - Rem button > Remove... ('Remove Misc' for classic skin) > Remove Duplicate Entries

Repeat Single File
Winamp 5 also has it and it is not borked. Read here for tips on using Repeat One in Winamp 5.

Sort Options
For additional playlist sort options try the Active Winamp plug-in. There is also a Sort by Length plug-in.

Opacity/Translucency with classic skins
Classic skins were developed before Windows 2000/XP, therefore classic skins (*.wsz) do not natively support opacity. It is the Modern skins (*.wal) that have opacity "built in". However you can get opacity/translucency effects for Classic skins with one of the following General Purpose plug-ins...Note: Opacity/Translucency plug-ins require Windows 2000, XP or Vista.

Skinned Menus
Try NxS Skinned Menus. Applies the skins color to Winamp's menus. A little buggy, but it works.

Skinned or Themed Preferences/Options & About Window
To get preferences and about boxes/windows in Winamp to match the current skin theme (colors, buttons), try the Skinned Preferences plug-in (updated version 0.86.1 alpha). It will also skin some standard Windows dialogue boxes, such as Open dialogue and plug-ins that use standard boxes.

Thinger
A lot of 3rd party modern skins have thinger, however classic skins and the Winamp Modern default skins do not. For a alternative/substitute try the NxS Thinger plug-in (alternate download).

Winamp Browser (AKA MiniBrowser)
The Winamp Browser is integrated into the Media Library and is called Now Playing. Best of all, unlike the WB from WA3 Now Playing has navigation buttons .
Don't confuse the separate Station Info window with Now Playing (AKA MiniBrowser). The Station Info window is for AOL Radio XM and SHOUTcast Radio category in Streaming Media section of the ML. Alt+T key combo = Now Playing shortcut

Winamp3 Skin (one or more of the following skins)...Additional Info

Concern about "upgrading"/"sidegrading" from WA3 to WA 5 | (Taken from here)

From the Troubleshooters Sticky...
Built-in crossfader issues:
http://forums.winamp.com/showthread....46#post1212346

Winamp3-style enqueue/dequeue, multiple playlists, sidecar etc
http://forums.winamp.com/showthread....77#post1178277
http://forums.winamp.com/showthread.php?threadid=158335
http://forums.winamp.com/showthread....79#post1216979

Go To Top Of Post
__________________________________________________________

anchors: post1504064 - features - Auto - components - ControlMenu - fade - learn - b4s - queue - sidecar - quick - search - repeat - sort - opacity - skinned - thinger - browser - skin

thread link = http://forums.winamp.com/showthread.php?s=&threadid=197602


search keywords: Winamp3 sidegrade sidegrading side-grade side-grading upgrade upgrading guide convert B4S bpl sidecar popple loaded multi playlists search bar side bar searchbar sidebar


Please report dead or broken links via PM with the subject line Dead Links – WA3 WA 5 Guide. Links will be corrected as time allows. Don't be disappointed if you do not receive reply, so Many Thanks In Advance.

[edit > JonnyMac] Revised October 2007 [/edit]

Please do not PM me for tech support. Any request for tech support through PM will be ignored.
Read the Stickies
---> | | | | <--- Knowledge is power
JonnyMac is offline  
Old 29th October 2004, 03:40   #4
Mykeknauff
Junior Member
 
Join Date: Oct 2004
Posts: 3
thanks for the help
Mykeknauff is offline  
Old 23rd February 2005, 22:04   #5
adam_kimber
Junior Member
 
Join Date: Oct 2001
Location: A small hole called bath
Posts: 6
Send a message via Yahoo to adam_kimber
Re: Winamp 3 - 5.04 Security Flaw

Quote:
Originally posted by Mykeknauff
Can somebody explain what exactly the critical security flaw in winamp 3 is? I keep getting a message about it when I open up Winamp
Hi. I get the same message and I do not wnat to upgrade to Winamp5 as it lacks the sidecar that Winamp3 has. (DrO I read is working on a sidecar for Winamp5 which I eagerly await) But for now i do not want to swap. I do not mind the security flaw in and its relation to IE as a) I do not use IE and b) IE is not allowed to access the internet via my firewalls.

I would like to know how to disable the popup message so that I can continue to use a nice piece of software without being nagged constantly by a silly popup.

Sorry if this is a bit ranting.

Adam
adam_kimber is offline  
Old 23rd February 2005, 22:08   #6
siebe83
Forum King
 
siebe83's Avatar
 
Join Date: Feb 2004
Posts: 9,224
Prefs (Ctrl+P) > Internet > uncheck 'Check for new versions of Winamp at startup'

Good Winamp plugins by Joonas, DrO and shaneh.
If you're bored go here or, if the boredom is more serious, here.
siebe83 is offline  
Old 23rd February 2005, 22:19   #7
adam_kimber
Junior Member
 
Join Date: Oct 2001
Location: A small hole called bath
Posts: 6
Send a message via Yahoo to adam_kimber
Ah. Sweet. Do you how long I have tried to find how to turn this off. It was so simple *looks embarrassed*.

Big thumbs up to you siebe83 and thanx for replying real quick.
adam_kimber is offline  
Old 25th February 2005, 18:00   #8
Mykeknauff
Junior Member
 
Join Date: Oct 2004
Posts: 3
Thanks, I was actually wondering that myself, as I would prefer to keep winamp 3 (It ain't broke, so why fix it) and also do not use internet explorer.
Mykeknauff is offline  
Old 31st August 2005, 00:01   #9
xvo4
Junior Member
 
Join Date: Aug 2005
Posts: 1
a few questions.
-are the earlier winamp versions vulnerable?
-do i have anything to worry about from earlier versions on winamp?

-can you suggest on how to fix, if this problem happens?
-do you only suggest, and to urge an upgarde?

thanks, the previous message is below.

- http://www.winamp.com/about/article.php?aid=10605
Winamp Security Bulletin
Published: Aug. 27, 2004
By Steve Gedikian


Nullsoft has issued a fix for a newly discovered security vulnerability affecting Winamp 3.0, 5.0 and 5.0 Pro or newer.

The vulnerability takes advantage of the Winamp Skin installer mechanism coupled with a security hole within the Internet Explorer browser.

To be vulnerable, a user must navigate to a specifically crafted web page which automatically installs a malicious Winamp Skin.

This skin launches an embedded Internet Explorer browser within the Skin using a feature of the Winamp Modern Skin Engine.
This malicious Winamp Skin then uses the browser to launch a malicious application bundled within the skin.

There have been reports of this exploit in use on the web to automatically install Adware or Spyware applications without the users consent.

Winamp 5.05 resolves this exploit in two ways:

Winamp will now prompt all users with a confirmation window before installing any skins.
Winamp will now only extract files considered low risk before loading a Winamp Skin.
We strongly urge ALL Winamp users to upgrade to Winamp 5.05 immediately.

Go to the Winamp Player download page to download the latest version of the Winamp.
xvo4 is offline  
Old 31st August 2005, 00:16   #10
k_rock923
\m/
(Forum King)
 
k_rock923's Avatar
 
Join Date: Jul 2003
Location: /bin/bash
Posts: 7,857
Send a message via AIM to k_rock923
yes, upgrade

Never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway.
k_rock923 is offline  
Old 31st August 2005, 00:21   #11
DrO
 
Join Date: Sep 2003
Posts: 27,880
upgrade to the latest version of winamp is the advice which will be given since only the current version is supported (note that does not include Winamp3 or any of the old 2.x versions seeing as 5.x is an upgrade of 2.x)

-daz
DrO is offline  
Closed Thread
Go Back   Winamp & SHOUTcast Forums > Winamp > Winamp Technical Support

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump