Next Generation Emulation banner

1 - 20 of 25 Posts

·
Premium Member
Joined
·
12,032 Posts
Discussion Starter #1
eWEEK reports users of America Online Inc.'s Winamp media player are at risk of remote code execution attacks because of a flaw in the software, according to a warning from a security research firm.

The flaw, which Secunia rates as "highly critical," has been reported in Winamp versions 5.05 and 5.06. Prior versions also may be affected.
Well looks like you might wanna use something else till Nullsoft fixes this.
 

·
!!!METAL UNCLE!!!
Joined
·
1,951 Posts
Why would you want to let Winamp access net anyway? I have closed winamps access to net thru firewall.
CDDB is kinda useless in mere mediaplayer, and internet tv isnt that usefull. 90% of good channels are always full and you need kinda fast connection to watch it smoothly. Internet radio is kinda neat, but thats not much...
 

·
Premium Member
Joined
·
12,032 Posts
Discussion Starter #7
Well, I'll play it safe and use something else. Usually they fix a problem within the week, so nothing to worry about.

/me dusts his ipod off
 

·
Registered
Joined
·
1,577 Posts
MaZa said:
Why would you want to let Winamp access net anyway? I have closed winamps access to net thru firewall.
CDDB is kinda useless in mere mediaplayer, and internet tv isnt that usefull. 90% of good channels are always full and you need kinda fast connection to watch it smoothly. Internet radio is kinda neat, but thats not much...
That would do absolutely nothing to solve the problem. Remember, being insecure is better than a false sense of security.
 

·
!!!METAL UNCLE!!!
Joined
·
1,951 Posts
Actually it will if i understood this threat correctly. Winamp will not open anything automaticly cuz its access to net is completely restricted. Im such a paranoid batard. :)
 

·
Premium Member
Joined
·
21,977 Posts
meh, they'll put out a fix, they always do. wasnt that what winamp 5.05 was for anyway?
 

·
Registered
Joined
·
1,577 Posts
MaZa said:
Actually it will if i understood this threat correctly. Winamp will not open anything automaticly cuz its access to net is completely restricted. Im such a paranoid batard. :)
Nope, it is not Winamp that actually downloads the M3U file. It is your browser that does, then uses Winamp to open it. The file then overflows the buffer, overwrites the EIP and execution jumps into the exploit code.
 

·
!!!METAL UNCLE!!!
Joined
·
1,951 Posts
scottlc said:
Nope, it is not Winamp that actually downloads the M3U file. It is your browser that does, then uses Winamp to open it. The file then overflows the buffer, overwrites the EIP and execution jumps into the exploit code.
And that is only if winamp is accos... assocc... what-ever-is-the-right-word :lol: to playlist files.
 

·
Registered
Joined
·
1,577 Posts
MaZa said:
And that is only if winamp is accos... assocc... what-ever-is-the-right-word :lol: to playlist files.
Yes, but in most cases this will be the case. Also, disallowing net access won't do anything in this case. Besides, if you disable net access, how are you going to listen to Icecast/Shoutcast streams?
 

·
Emulation to the max!
Joined
·
2,560 Posts
Why exactly would one download a m3u, or pls file unless to play stream video or music. So techiniquly disabling net access will fix this problem. But its all up to you. Just wait for a fix in the meantime. I'm sure you all got tons of music to listen to anyhow.
 

·
!!!METAL UNCLE!!!
Joined
·
1,951 Posts
scottlc said:
Yes, but in most cases this will be the case. Also, disallowing net access won't do anything in this case. Besides, if you disable net access, how are you going to listen to Icecast/Shoutcast streams?
I dont listen internet radio nor watch internet tv. My own mp3 collection is much better than what stream radios can offer.
 

·
Registered
Joined
·
1,577 Posts
Coolsvilleman said:
Why exactly would one download a m3u, or pls file unless to play stream video or music. So techiniquly disabling net access will fix this problem. But its all up to you. Just wait for a fix in the meantime. I'm sure you all got tons of music to listen to anyhow.
You seem to to be missing the point completely. Winamp DOES NOT NEED net access at all, it ONLY requires you to OPEN a malformed M3U or PLS file (as some people have their browsers do by default) and the exploit code works. In conclusion, technically disabling net access (however technical it may be) will not do an ounce of good in this case. The only way to completely avoid this threat is to disable automatic loading of downloaded playlists.

In case you still don't understand, I'd suggest Googling for information on the M3U playlist format and how it works when launching streams.
 

·
Premium Member
Joined
·
26,303 Posts
Goodthing I never used m3u files, other than Winamp's buit in one. Not that it matters anymore.
 
1 - 20 of 25 Posts
Top