Foo - WinAmp users: update your WinAmp.
Bikeforums.net is a forum about nothing but bikes. Our community can help you find information about hard-to-find and localized information like bicycle tours, specialties like where in your area to have your recumbent bike serviced, or what are the best bicycle tires and seats for the activities you use your bike for.
mechBgon
02-02-06, 10:36 AM
The bad guys have discovered a nifty exploit for WinAmp. You can get the fixed 5.13 version from http://www.winamp.com/player/
From McAfee's writeup of the vulnerability:
This detection covers a 0-day exploit targeting WinAmp 5.12 that allows remote code execution via a specially crafted play list (.pls) file. Such exploit files could be executed with little user intervention (such as visiting a website that hosted malicious files), and the end result could be the silent installation of any number of viruses, trojans, and potentially unwanted programs.
free_pizza
02-02-06, 11:10 AM
winamp stinks IMO. iTunes all the way
KingTermite
02-02-06, 11:35 AM
ITunes is HORRIBLE IMO....WinAmp all the way!!! :)
Thanks for the heads up....I'm updated!
bmxking
02-02-06, 12:39 PM
good job!
iamlucky13
02-02-06, 06:10 PM
According to the article, I'm safe. Winamp 2.93 has neither the vulnerability nor the bloat.
mechBgon
02-02-06, 08:31 PM
According to the article, I'm safe. Winamp 2.93 has neither the vulnerability nor the bloat.I hope you're right about 2.93 not having the vulnerability :) Here is Sunbelt's Blog writeup of an instance of WinAmp exploit that's being used to infect systems with both SpySheriff and a CWS variant :mad:
http://sunbeltblog.blogspot.com/2006/02/winamp-exploit-found-in-wi_113891339953448796.html
Screenshots included, for the eyecandy-oriented folks.
KingTermite
02-03-06, 05:34 AM
According to the article, I'm safe. Winamp 2.93 has neither the vulnerability nor the bloat.
Everybody "said" that when WinAmp 5 was coming out.....but I switched over and don't notice any significant bloat over the old 2.x versions.
iamlucky13
02-03-06, 06:53 PM
Thanks for the link. Given the method it attacks (buffer overrun in the playlist) there actually is a pretty good chance that mine is vulnerable. I'll just have to be careful where I stream music from. CWS is one of the really annoying adware programs.
The installer for winamp 2.x is 1.87 MB. The installer for winamp 5.13 is listed by CNET as 5.27 MB (2.8 times the size). I know there's more features, but I'm happy as is and I don't have as much RAM as I'd like anyway.
TexasGuy
02-03-06, 07:39 PM
WMP For the win :p I remmeber back when I used to use winamp.
winamp stinks IMO. iTunes all the way
I'm with you. WimpAmp has too many security holes and allows too much spyware to get installed on client computers. Itunes is fantastic!!!!!!!!!
TexasGuy
02-03-06, 07:43 PM
Winamp? spyware? wth
Don't run your computer as an administrator and you don't have to worry about 97% of spyware being installed.
explody pup
02-03-06, 07:52 PM
I haven't read the article. Do you have to manually run the playlist or is it something that works automatically?
TexasGuy
02-03-06, 07:53 PM
I haven't read the article. Do you have to manually run the playlist or is it something that works automatically?
From what i read, the danger would come from listening to playlists from streamed radio stations.
explody pup
02-03-06, 07:55 PM
From what i read, the danger would come from listening to playlists from streamed radio stations.
Oh. Well I guess I'm safe, then. I probably should update. I'm just lazy.
Powered by vBulletin® Version 4.1.12 Copyright © 2013 vBulletin Solutions, Inc. All rights reserved.