'Extremely Critical' Exploit Hits Winamp


The popular Winamp music player suffers from a zero-day vulnerability that attackers are already exploiting, a security company warned Monday. A patch is not available.

The bug in Winamp 5.12 is "extremely critical," the most dire alert Danish-based Secunia uses. An attacker, said Secunia, can take complete control of a PC by getting a user to download a malicious audio playlist that uses a filename larger than about 1,040 bytes. Because Winamp automatically begins playing a playlist once it's download, hackers could easily attack PCs equipped with the music player.

A proof-of-concept exploit that's on the loose suggests using an iframe to trigger a 'drive-by' attack on users who visit a malicious site, added the SANS Institute's Internet Storm Center.

The widespread attacks against the Windows Metafile (WMF) vulnerability in December and January were largely based on sites exploiting iframe vulnerabilities to compromise PCs that had simply surfed to one of thousands of malicious sites. Those same sites could conceivably add this Winamp exploit to their arsenals.

Secunia recommended that users turn to alternate player programs, but Moscow-based Kaspersky Labs said that users could deflect attacks by setting Winamp's .pls file format to "Confirm open after download" using Windows' "Folder Options/File Types" dialog.

Winamp's Web site currently has no news of the bug, or any information about a possible patch. The site's support forums also lack any talk of the bug, with the exception of one user who provided a link to the proof-of-concept code.