Be Careful With Winamp Links
Update, 4:28 p.m. ET: Nullsoft has released a new version of Winamp (v. 5.13) that apparently fixes this vulnerability. If you are using Winamp as your media player, be sure to download and install this important update.
Here's what I wrote about this earlier today:
Security experts are warning that instructions have been posted online detailing how attackers could take advantage of a previously unknown critical security hole in the popular Winamp media player to install potentially dangerous files on users' computers. At the time of writing there was no patch available from Winamp to address this issue, and the published exploit works as advertised.
The problem has to do with the way Winamp processes files ending in ".pls," which the software recognizes as playlist files. Such files are everywhere: if you check out the free Internet radio stations at Shoutcast.com and click on a "tune in" link to listen to one of the hundreds of stations available for streaming, what you are actually downloading is a small .pls file, which your browser then has to decide what to do with.
Exactly what happens when you click on a link to a ".pls" file depends on which Web browser you are using. When I click on one of those links in Mozilla's Firefox browser, I get a pop-up message that says, "you have chosen to open 'shoutcast-playlist.pls"; it then asks me what I want Firefox to do with the file.
Clicking on such a link in Microsoft's Internet Explorer automatically opens the playlist file and starts up Winamp, with no prompt in between. This means that IE users who aren't careful about clicking on Winamp playlist links could find their computers owned by attackers using the exploit: the browser hands the file straight to Winamp, so the user never gets a chance to decline. Until the fix is installed, the safest course is not to open .pls files from sites you don't trust, whichever browser you use. This is likely to be one of those flaws that is just too good for the bad guys to pass up, as Winamp is quite popular. The application has attracted a loyal following in part due to its customization options.
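Because the post only says that Winamp treats .pls files as playlists and that a malformed one can be abused, without describing the trigger, the following is an added example (not code from the post, from Nullsoft or from Winamp) of what a .pls file looks like and of a conservative pre-check a cautious user or a mail/web gateway could run on one before handing it to a player. The .pls layout used here (a `[playlist]` header, then `FileN=`, `TitleN=`, `LengthN=`, `NumberOfEntries=` and `Version=` keys) is the standard format; the field-length limit and the allowed URL schemes are assumptions chosen for the check, not Winamp's real parsing rules, and the sample playlists are constructed for the example.

```python
"""Minimal .pls playlist parser with sanity checks.

Added example, not code from the original post or from Nullsoft/Winamp.
MAX_FIELD_LEN and ALLOWED_SCHEMES are assumptions for a conservative
pre-check; they are not taken from Winamp's own parser.
"""
import re
from urllib.parse import urlsplit

MAX_FIELD_LEN = 256                  # assumption: longer fields are flagged
ALLOWED_SCHEMES = {"http", "https"}  # assumption: stream URLs only, no local paths

# Per-entry keys look like File1=, Title1=, Length1=
KEY_RE = re.compile(r"^(File|Title|Length)(\d+)$", re.IGNORECASE)


def parse_pls(text):
    """Parse .pls text into a list of entry dicts ordered by entry number.

    Raises ValueError on structural problems (missing header, junk lines,
    entry count not matching NumberOfEntries).
    """
    lines = text.splitlines()
    if not lines or lines[0].strip().lower() != "[playlist]":
        raise ValueError("missing [playlist] header")
    entries = {}
    declared = None
    for lineno, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if "=" not in line:
            raise ValueError(f"line {lineno}: expected key=value")
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        m = KEY_RE.match(key)
        if m:
            field, idx = m.group(1).lower(), int(m.group(2))
            entries.setdefault(idx, {})[field] = value
        elif key.lower() == "numberofentries":
            declared = int(value)
        elif key.lower() == "version":
            continue
        else:
            raise ValueError(f"line {lineno}: unknown key {key!r}")
    if declared is not None and declared != len(entries):
        raise ValueError(f"NumberOfEntries={declared} but {len(entries)} entries found")
    return [entries[i] for i in sorted(entries)]


def check_entries(entries):
    """Return a list of human-readable findings; an empty list means clean."""
    findings = []
    for n, entry in enumerate(entries, start=1):
        for field, value in entry.items():
            if len(value) > MAX_FIELD_LEN:
                findings.append(f"entry {n}: {field} is {len(value)} bytes (limit {MAX_FIELD_LEN})")
            if any(ord(c) < 0x20 for c in value):
                findings.append(f"entry {n}: {field} contains control characters")
        scheme = urlsplit(entry.get("file", "")).scheme.lower()
        if scheme not in ALLOWED_SCHEMES:
            findings.append(f"entry {n}: file scheme {scheme!r} not in {sorted(ALLOWED_SCHEMES)}")
        if "length" in entry:
            try:
                length = int(entry["length"])
            except ValueError:
                findings.append(f"entry {n}: length is not an integer")
            else:
                if length < -1:  # -1 is the conventional value for a live stream
                    findings.append(f"entry {n}: negative length {length}")
    return findings


def audit_pls(text):
    """Parse and check a playlist; returns the findings list."""
    return check_entries(parse_pls(text))


# Constructed samples (not real Shoutcast data).
BENIGN_PLS = (
    "[playlist]\n"
    "File1=http://stream.example.invalid:8000/\n"
    "Title1=(#1 - 12/100) Example Station\n"
    "Length1=-1\n"
    "NumberOfEntries=1\n"
    "Version=2\n"
)
OVERSIZED_PLS = (
    "[playlist]\n"
    "File1=" + "A" * 600 + "\n"
    "Title1=x\n"
    "Length1=-1\n"
    "NumberOfEntries=1\n"
    "Version=2\n"
)
LOCAL_FILE_PLS = (
    "[playlist]\n"
    "File1=file:///C:/Windows/system32/calc.exe\n"
    "Title1=x\n"
    "NumberOfEntries=1\n"
    "Version=2\n"
)

if __name__ == "__main__":
    for name, sample in [("benign", BENIGN_PLS), ("oversized", OVERSIZED_PLS),
                         ("local-file", LOCAL_FILE_PLS)]:
        print(name, audit_pls(sample) or ["clean"])
```

The check is deliberately strict: a Shoutcast "tune in" playlist has one short `http://` URL, a title and `Length=-1`, so anything with an overlong field, a non-HTTP scheme or a structural mismatch is reason enough to refuse the file rather than let the player work out what to do with it.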
January 30, 2006; 2:01 PM ET
Categories: Latest Warnings