INTERACT FORUM

More => Old Versions => Media Center 11 (Development Ended) => Topic started by: Ton on April 05, 2004, 04:01:07 pm

Title: OT:Winamp 2.91-5.02 has security vulnerability
Post by: Ton on April 05, 2004, 04:01:07 pm

Maybe this is old news but anyway I would like to pass on a warning I just got by email from a (dutch governmental) warning service which I am subscribed to, because it is not quite impossible that some MC users (still) have Winamp installed.
I was told that all but the latest (5.03) versions of Winamp appear to have a security vulnerability and that it is strongly advised to install the newest version 5.03.
The message is too long to translate completely here, but the above is the essence.
If it's old news I am sorry to repeat it.

Title: Re:OT:Winamp 2.91-5.02 has security vulnerability
Post by: xen-uno on April 05, 2004, 04:12:15 pm

I really doubt there's anything to this WA security scare. I have WA 2.91 installed and to date, have never heard anything about this anywhere. It could be along the lines of these bogus Microsoft Security Update e-mails I've been getting (one said attached file contained all security updates up to June 1995).

10^-27

Title: Re:OT:Winamp 2.91-5.02 has security vulnerability
Post by: Matt on April 05, 2004, 04:24:35 pm

Quote from: xen-uno on April 05, 2004, 04:12:15 pm

one said attached file contained all security updates up to June 1995

Sounds handy.  I'd forward it to all your friends :P

Title: Re:OT:Winamp 2.91-5.02 has security vulnerability
Post by: Ton on April 05, 2004, 04:38:45 pm

I have translated the message and it goes like this:

"In Winamp a serious vulnerability has been detected. Through this hackers are able to completely take control over a computer or start random programs (like viruses and worms). Computer users can be tempted to click on a file that then will be automatically played through Winamp. This file also can be offered through a website. When the webpage is visited then with a browser, Winamp will be started automatically and the malicious program is executed on the visitor's computer.
Possible consequenes: Viruses and worms are executed. Personal data like passwords or creditcardnumbers are stolen. Files are rewritten and are unusable.
The vulnerability is solved in Winamp 5.03 and you are stronly advised to install this version as soon as possible".

Like I said I got it this evening. It was sent by an official dutch governmental service which sends its subscribers email alerts when a serious virus threat or something alike has been detected.
Of course I can't judge if it is really serious.

Title: Re:OT:Winamp 2.91-5.02 has security vulnerability
Post by: Ton on April 05, 2004, 05:33:35 pm

I also posted this on the misticriver forum (for iriver enthusiasts) and one of the forummembers there found this link:
http://slashdot.org/articles/04/04/05/2033235.shtml?tid=126&tid=141&tid=172&tid=188
Seems that it is true.