Nullsoft late Monday fixed a critical flaw in its flagship Winamp music player that could have allowed attackers to grab control of PCs.

Gregg Keizer, Contributor

January 31, 2006

1 Min Read

Nullsoft late Monday fixed a critical flaw in its flagship Winamp music player that could have allowed attackers to grab control of PCs simply by duping people into downloading a playlist.

The fix, dubbed Winamp 5.13, can be downloaded from the Nullsoft Web site.

Alternately, users can download only the affected DLL -- "in_mp3.dll" -- from here, and place it in the Winamp\Plugins folder.

Various security firms raised alerts on Monday to warn Winamp users, with one -- Danish company Secunia -- tagging it with its highest threat level, "Extremely critical."

A moderator on a Nullsoft message board said Monday that the patched DLL would be included in the next public releases of Winamp 5.2 beta, "hopefully today." The most recent build of the beta on the Nullsoft site, marked "365," was posted prior to the vulnerability's discovery, however.

About the Author(s)

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights