Nullsoft Fixes Critical Winamp Bug


Nullsoft late Monday fixed a critical flaw in its flagship Winamp music player that could have allowed attackers to grab control of PCs simply by duping people into downloading a playlist.

The fix, dubbed Winamp 5.13, can be downloaded from the Nullsoft Web site.

Alternately, users can download only the affected DLL -- "in_mp3.dll" -- from here, and place it in the Winamp\Plugins folder.

Various security firms raised alerts on Monday to warn Winamp users, with one -- Danish company Secunia -- tagging it with its highest threat level, "Extremely critical."

A moderator on a Nullsoft message board said Monday that the patched DLL would be included in the next public releases of Winamp 5.2 beta, "hopefully today." The most recent build of the beta on the Nullsoft site, marked "365," was posted prior to the vulnerability's discovery, however.