No announcement yet.

Winamp 5.x security vulnerability

  • Filter
  • Time
  • Show
Clear All
new posts

  • Winamp 5.x security vulnerability


    There is a high-risk security vulnerability in Winamp 5.x. I've reported that vulnerability to [email protected], but the only response that I've got is:

    > Dear ljuranic,
    > Hi, My name is Cristal and I will be able to assist you with your Winamp.
    > Thanks for the information!
    > I have sent your concerns to the appropriate staff members for immediate attention and consideration.
    > Thank you for writing to Winamp.
    I don't want to discuss that vulnerability in this public forum, but can anyone tell me what is going on with that vulnerability report?

  • #2
    Why not discuss the vulnerability here? Tag and Benski are forums members and developers for Winamp that do in fact read many of the posts here and will respond and act on some of them.

    Other users may wish to know if and how they may be exploited, and how to close up any holes with a potential workaround for now.

    What OS is this experienced on?

    What core components or Winamp-distro plugins are affected?

    How may one reproduce the exploit from their home system, if possible?

    Do you see any potential ways to remedy the problem until a fix is applied?

    This information may be more helpful than you think.

    Egg, JM, Tag, Benski, what are your thoughts?

    The Winamp.INI File for Dummies
    Tips and Tricks for MSVCRT.dll Errors


    • #3
      Benski's said he'll try to get in touch with Leon Juranic privately.

      LJ is right. It's not wise to discuss potential security vulnerabilities in public.

      Playlist | Twitter | Albums


      • #4
        Oops ... I didn't know that was a bad idea [I always see security vulnerability reports rolling around on the internet, for example, Secunia].

        Good though that Benski is aware and working to fix the vulnerability, whatever it might be
        The Winamp.INI File for Dummies
        Tips and Tricks for MSVCRT.dll Errors


        • #5
          Fixed... Maybe a small release will be forthcoming


          thanks, Leon


          • #6
            No problem at all


            • #7
              BTW: We will release vulnerability details probably in monday.


              • #8
                We have released an advisory regarding this vulnerability, so it would be good time to publish patched version.



                • #9
                  Hello, I'm wondering (along with everyone else who got a security advisory from various mailing lists) if there is a patch or a safe version to download yet or is 5.093 the corrected version? Many Thanks,


                  • #10
                    The patched 5.094 is due for release very shortly.

                    Playlist | Twitter | Albums


                    • #11
                      Patched 5.094 is now available
                      What is Winamp? Why is Winamp? How is Winamp? All these burning questions and issues discussed within.

                      Should go live on sometime on Thursday evening.

                      Playlist | Twitter | Albums


                      • #12
                        I reported this vuln 7 months ago and nothing was done about it.

                        Did you find a bug in Winamp? Can you reproduce it? Let us know, we'll try to fix it as soon as possible!

                        you should have listened then full advisory was never released and it can be exploited remotly just by visiting a web page


                        • #13
                          There was no active developers 7 months ago.

                          Leon was invited into our private irc channel, he provided a sample file and exact steps to reproduce the vulnerability, and it was fixed by benski in realtime within a matter of minutes.

                          I remember your post well, but I seem to remember closing it instantly after reading the last paragraph... though at the time there was no-one to report it to anyway :/

                          Playlist | Twitter | Albums