Users of AOL’s Winamp 5.12 media player are being told to upgrade their software following the release of malicious code that could be used to take over a Winamp user’s system.
A new version of the Winamp player was released Monday afternoon, one day after hackers posted exploit code on the milw0rm.com website that could be used to run unauthorised software on computers running Winamp 5.12 with Windows XP.
Using this exploit code, hackers would be able run their malicious software by tricking users into clicking on specially crafted Winamp playlists, security firm Secunia said in an advisory. Winamp playlist files contain the .pls suffix.
Secunia has rated this vulnerability “extremely critical.”
The problem only affects Winamp 5.12 users, who will now be greeted with a popup message advising them to update to the newer version of the software, said AOL spokeswoman Deana Graffeo. Earlier versions of the product are not vulnerable, she said.
News source: Techworld