In the early days of the MP3 era, many users' first player was Winamp. If you happen to be using Winamp today, you better upgrade now to prevent a hacker from stealing your tunes and possible a whole lot more.
US-CERT has issued an advisory for Winamp related to a buffer overflow vulnerability that could allow a hacker to execute arbitrary code.
The vulnerability stems from the way that Winamp handles playlists with long computer names. Of particular note is that not a whole lot of user interaction is required for a hacker to take advantage of the vulnerability.
In order to take advantage of the vulnerability, the hacker will have to trick the user into opening the maliciously crafted playlist file. According to the advisory, this could happen without any user interaction as the result of viewing a Web page or other HTML document.
Users are advised to immediately update to Winamp version 5.13, which corrects the flaw.
Winamp was originally created by Nullsoft, which was bought by America Online in 1999. It competes with Microsoft Windows Media Player, Real Networks Real Player and Apple's iTunes.
The current vulnerability is not the first time a security flaw has appeared in Winamp. In 2004 a zero-day exploit targeted Winamp skins.
Winamp's media peer have of course also been exposed to have security flaws over the years. Most recently, iTunes users were warned to update their QuickTime software in order to protect against a security vulnerability.
