
Be Careful With Winamp Links

Update, 4:28 p.m. ET: Nullsoft has released a new version of Winamp (v. 5.13) that apparently fixes this vulnerability. If you are using Winamp as your media player, be sure to download and install this important update.

Here's what I wrote about this earlier today:

Security experts are warning that instructions have been posted online detailing how bad guys could take advantage of a previously unknown critical security hole in the popular Winamp media player to install potentially dangerous files on users' computers. There currently is no patch available from Winamp to address this issue, and the published exploit works as advertised.

The problem has to do with the way Winamp processes files ending in ".pls," which the software recognizes as playlist files. For instance, if you check out the free Internet radio stations at Shoutcast.com and click on a "tune in" link to listen to one of the hundreds of stations available for streaming, your browser will attempt to open up a .pls file.

Exactly what happens when you click on a link to a ".pls" file depends on which Web browser you are using. When I click on one of those links in Mozilla's Firefox browser, I get a pop-up message that says, "You have chosen to open 'shoutcast-playlist.pls'"; it then asks me what I want Firefox to do with the file.

Clicking on such a link in Microsoft's Internet Explorer automatically opens the playlist file and starts up Winamp. This means that IE users who aren't careful about clicking on Winamp playlist links could find their computers owned by attackers using the exploit. This is likely to be one of those flaws that is just too good for the bad guys to pass up using, as Winamp is quite popular. The application has attracted a loyal following in part due to its customization options.

By Brian Krebs | January 30, 2006; 2:01 PM ET
Categories: Latest Warnings

Comments

A workaround is described here:

http://www.frsirt.com/english/advisories/2006/0361

Posted by: Alan | January 30, 2006 3:15 PM | Report abuse

Go to winamp.com, they have a new version out now... apparently they've fixed the security hole.

Posted by: imgoph | January 30, 2006 4:14 PM | Report abuse


© 2010 The Washington Post Company