US-CERT Cyber Security Alert SA06-032A -- Winamp Playlist Vulnerability

National Cyber Alert System

Cyber Security Alert SA06-032A

Winamp Playlist Vulnerability

Original release date: February 1, 2006
Last revised: February 23, 2006
Source: US-CERT

Systems Affected

Microsoft Windows systems that have Winamp installed.

Overview

Winamp, a popular media player, has a vulnerability that could allow an attacker to take control of your system. Upgrading to the latest version of Winamp will take care of this vulnerability.

Solution

Install an Update

You can download and install Winamp 5.2 to avoid the vulnerability.

Description

A vulnerability in Winamp 5.13, and possibly in earlier versions, allows an attacker to run malicious code on your system when you open a playlist file. This malicious code could also be embedded in a web page, and could execute, without your knowledge, when you visit a malicious web page or open an HTML document.

For more technical information, see US-CERT Technical Alert TA06-032A.

References

Winamp Version History - <http://www.winamp.com/player/version_history.php>

US-CERT Technical Cyber Security Alert TA06-032A - <http://www.us-cert.gov/cas/techalerts/TA06-032.html>

US-CERT Vulnerability Note VU#604745 - <http://www.kb.cert.org/vuls/id/604745>

Feedback can be directed to US-CERT.

Produced 2006 by US-CERT, a government organization. Terms of use

Revision History

February 1, 2006: Initial release
February 23, 2006: Changed Winamp version to 5.2

Last updated February 11, 2008

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting