Advertise on Bikeforums.net



User Tag List

Results 1 to 14 of 14
  1. #1
    Senior Member mechBgon's Avatar
    Join Date
    Jul 2002
    Posts
    6,958
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    WinAmp users: update your WinAmp.

    The bad guys have discovered a nifty exploit for WinAmp. You can get the fixed 5.13 version from http://www.winamp.com/player/

    From McAfee's writeup of the vulnerability:

    This detection covers a 0-day exploit targeting WinAmp 5.12 that allows remote code execution via a specially crafted play list (.pls) file. Such exploit files could be executed with little user intervention (such as visiting a website that hosted malicious files), and the end result could be the silent installation of any number of viruses, trojans, and potentially unwanted programs.

  2. #2
    later free_pizza's Avatar
    Join Date
    Sep 2004
    Posts
    2,477
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    winamp stinks IMO. iTunes all the way

  3. #3
    On my TARDIScycle! KingTermite's Avatar
    Join Date
    Jun 2005
    Location
    Eastside Seattlite Termite Mound
    My Bikes
    Trek 520, Trek Navigator 300, Peugeot Versailles PE10DE
    Posts
    3,928
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ITunes is HORRIBLE IMO....WinAmp all the way!!!

    Thanks for the heads up....I'm updated!
    Quote Originally Posted by coffeecake View Post
    - it's pretty well established that Hitler was an *******.

  4. #4
    you wont.
    Join Date
    Feb 2006
    Location
    ohio
    My Bikes
    premium
    Posts
    2
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    good job!

  5. #5
    Footballus vita est iamlucky13's Avatar
    Join Date
    Jun 2002
    Location
    Portland, OR
    My Bikes
    Trek 4500, Kona Dawg
    Posts
    2,118
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    According to the article, I'm safe. Winamp 2.93 has neither the vulnerability nor the bloat.
    "The internet is a place where absolutely nothing happens. You need to take advantage of that." ~ Strong Bad

  6. #6
    Senior Member mechBgon's Avatar
    Join Date
    Jul 2002
    Posts
    6,958
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by iamlucky13
    According to the article, I'm safe. Winamp 2.93 has neither the vulnerability nor the bloat.
    I hope you're right about 2.93 not having the vulnerability Here is Sunbelt's Blog writeup of an instance of WinAmp exploit that's being used to infect systems with both SpySheriff and a CWS variant

    http://sunbeltblog.blogspot.com/2006...953448796.html

    Screenshots included, for the eyecandy-oriented folks.

  7. #7
    On my TARDIScycle! KingTermite's Avatar
    Join Date
    Jun 2005
    Location
    Eastside Seattlite Termite Mound
    My Bikes
    Trek 520, Trek Navigator 300, Peugeot Versailles PE10DE
    Posts
    3,928
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by iamlucky13
    According to the article, I'm safe. Winamp 2.93 has neither the vulnerability nor the bloat.
    Everybody "said" that when WinAmp 5 was coming out.....but I switched over and don't notice any significant bloat over the old 2.x versions.
    Quote Originally Posted by coffeecake View Post
    - it's pretty well established that Hitler was an *******.

  8. #8
    Footballus vita est iamlucky13's Avatar
    Join Date
    Jun 2002
    Location
    Portland, OR
    My Bikes
    Trek 4500, Kona Dawg
    Posts
    2,118
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for the link. Given the method it attacks (buffer overrun in the playlist) there actually is a pretty good chance that mine is vulnerable. I'll just have to be careful where I stream music from. CWS is one of the really annoying adware programs.

    The installer for winamp 2.x is 1.87 MB. The installer for winamp 5.13 is listed by CNET as 5.27 MB (2.8 times the size). I know there's more features, but I'm happy as is and I don't have as much RAM as I'd like anyway.
    "The internet is a place where absolutely nothing happens. You need to take advantage of that." ~ Strong Bad

  9. #9
    That darn Yankee TexasGuy's Avatar
    Join Date
    Jun 2005
    Location
    West West Fort Worth
    My Bikes
    Mongoose XR-100, Eros Bianchi
    Posts
    4,272
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    WMP For the win I remmeber back when I used to use winamp.
    Life is about hanging onto what you think is important and finding out what really is important.
    "Stop Ruining my joke!", "No, a joke implies humor attached at no additional cost"
    So many sayings, so little sig space.

  10. #10
    King of the Forest Totoro's Avatar
    Join Date
    Mar 2005
    Posts
    772
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by free_pizza
    winamp stinks IMO. iTunes all the way
    I'm with you. WimpAmp has too many security holes and allows too much spyware to get installed on client computers. Itunes is fantastic!!!!!!!!!

  11. #11
    That darn Yankee TexasGuy's Avatar
    Join Date
    Jun 2005
    Location
    West West Fort Worth
    My Bikes
    Mongoose XR-100, Eros Bianchi
    Posts
    4,272
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Winamp? spyware? wth
    Don't run your computer as an administrator and you don't have to worry about 97% of spyware being installed.
    Life is about hanging onto what you think is important and finding out what really is important.
    "Stop Ruining my joke!", "No, a joke implies humor attached at no additional cost"
    So many sayings, so little sig space.

  12. #12
    explody pup
    Guest
    I haven't read the article. Do you have to manually run the playlist or is it something that works automatically?

  13. #13
    That darn Yankee TexasGuy's Avatar
    Join Date
    Jun 2005
    Location
    West West Fort Worth
    My Bikes
    Mongoose XR-100, Eros Bianchi
    Posts
    4,272
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by explody pup
    I haven't read the article. Do you have to manually run the playlist or is it something that works automatically?
    From what i read, the danger would come from listening to playlists from streamed radio stations.
    Life is about hanging onto what you think is important and finding out what really is important.
    "Stop Ruining my joke!", "No, a joke implies humor attached at no additional cost"
    So many sayings, so little sig space.

  14. #14
    explody pup
    Guest
    Quote Originally Posted by TexasGuy
    From what i read, the danger would come from listening to playlists from streamed radio stations.
    Oh. Well I guess I'm safe, then. I probably should update. I'm just lazy.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •