Tech Talk

[Highly critical]

FYI...

> http://secunia.com/advisories/25089/
Last Update: 2007-05-04
Critical: Highly critical
Impact:   System access
Where: From remote
Solution Status: Vendor Patch
Software: Winamp 5.x
Solution: Apply Winamp 5.34a Security Patch:
http://download.nullsoft.com/winamp/client/wa5update.exe ...
Original Advisory: Nullsoft:
http://forums.winamp.com/showthread.php?threadid=269831#patch
http://forums.winamp.com/showthread.php?postid=2180629#post2180629
The vulnerability will also be addressed in the upcoming version 5.35..."

 

[Winamp FLAC Media File Processing Integer Overflows]

FYI...

Winamp FLAC Media File Processing Integer Overflows
- http://secunia.com/advisories/27223/
Release Date: 2007-10-12
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
...The vulnerabilities are reported in version 5.35. Other versions may also be affected.
Software: Winamp 5.x
Solution: Update to version 5.5.
http://www.winamp.com/player ...

 

[Winamp vuln - update available]

FYI...

Winamp vuln - update available
- http://secunia.com/advisories/27865/
Release Date: 2008-01-18
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Winamp 5.x
...Successful exploitation allows execution of arbitrary code.
The vulnerabilities are confirmed in versions 5.21, 5.5, and 5.51. Other versions may also be affected.
Solution: Update to version 5.52.
http://www.winamp.com/player

 

[From remote]

FYI...

- http://secunia.com/advisories/31371/
Release Date: 2008-08-05
Critical: Moderately critical
Impact: Unknown
Where: From remote
Solution Status: Vendor Patch
Software: Winamp 5.x
...The vulnerability is reported in versions prior to 5.541.
Solution: Update to version 5.541 ...
Original Advisory:
http://forums.winamp.com/showthread.php?threadid=295505

 

[Winamp v5.57 released]

FYI...

Winamp v5.57 released
- http://secunia.com/advisories/37495/2/
Last Update: 2009-12-18
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Winamp 5.x ...
Solution: Update to version 5.57.
http://www.winamp.com/media-player

- http://www.winamp.com/help/Version_History#Winamp_5.571_.28Latest.29

- http://www.theregister.co.uk/2009/12/21/winamp_update/

 

[Winamp v5.58 released]

FYI...

Winamp v5.58 released
- http://secunia.com/advisories/40534/
Release Date: 2010-07-13
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution: Update to version 5.58 or later.
Original Advisory:
http://www.winamp.com/help/Version_History#Winamp_5.581_.28Latest.29

- http://www.winamp.com/media-player/en

- http://securitytracker.com/alerts/2010/Jul/1024207.html
Jul 14 2010

 

[Winamp v5.6]

FYI...

Winamp v5.6...
- http://secunia.com/advisories/42004/
Release Date: 2010-11-30
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Solution: Update to version 5.6.
Original Advisory: Winamp:
http://forums.winamp.com/showthread.php?threadid=159785

- http://www.winamp.com/media-player/en
Winamp 5.6, Build 3080 (5.6.0.3080)

- http://www.winamp.com/help/Version_History#Winamp_5.6_.28Latest.29

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2586
CVSS v2 Base Score: 9.3 (HIGH)
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4370
CVSS v2 Base Score: 9.3 (HIGH)
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4371
CVSS v2 Base Score: 9.3 (HIGH)
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4372
Last revised: 12/03/2010
CVSS v2 Base Score: 9.3 (HIGH)
"... before 5.6 ..."

 

[Winamp v5.601 released]

FYI...

Winamp v5.601 released
- http://secunia.com/advisories/42475/
Release Date: 2010-12-07
Criticality level: Moderately critical
Impact: Unknown
Where: From remote
Solution Status: Vendor Patch
... The vulnerability is reported in versions prior to 5.601.
Solution: Update to version 5.601.
Original Advisory: http://forums.winamp.com/showthread.php?s=&threadid=159785

- http://www.winamp.com/help/Version_History#Winamp_5.601_.28Latest.29
___

- http://secunia.com/advisories/44600/
Release Date: 2011-05-16
Criticality level: Highly critical
Impact:   System access
Where: From remote
Solution Status: Unpatched
"... vulnerability is confirmed in version 5.61. Other versions may also be affected..."

- http://www.winamp.com/help/Version_History#Winamp_5.61

 

[Winamp v5.62 released]

FYI...

Winamp v5.62 released
- http://www.winamp.com/media-player/en
30 June 2011

- http://forums.winamp.com/showthread.php?t=332010
Winamp 5.62, Build 3161 (5.6.2.3161) - 30 June 2011
- http://www.winamp.com/help/Version_History#Winamp_5.62
___

- http://secunia.com/advisories/45028/
Last Update: 2011-07-05
Criticality level: Highly critical
Impact: System access
Where: From remote...
... The vulnerability is confirmed in version 5.6. Other versions may also be affected.
Solution: Update to version 5.62.

- http://secunia.com/advisories/44600/
Solution: Update to version 5.62.

 

[Winamp v5.622 released]

FYI...

Winamp v5.622 released
- https://secunia.com/advisories/45279/
Release Date: 2011-10-27
Criticality level: Highly critical
Impact: System access
Where: From remote
... vulnerabilities are confirmed in version 5.621. Prior versions may also be affected.
Solution: Update to version 5.622.
Original Advisory: Winamp:
http://forums.winamp.com/showthread.php?t=332010

 

[Winamp v5.623 released]

FYI...

Winamp v5.623 released
- http://forums.winamp.com/showthread.php?t=332010
9 Dec 2011
Winamp 5.623
* Fixed: mp3 decoding errors at end of file (should fix reported CD burning errors)
* Fixed: [aacdec] Detection of parametric stereo for AAC files made with older encoders
* Fixed: [enc_fhgaac] MP4 encoder not always closing on errors or aborted transfers
* Fixed: [in_avi] Crashing with certain malformed AVI files
* Fixed: [in_flac & in_mp4] Memory leaks
* Fixed: [in_mod] Bounds check for comments parsing
* Fixed: [pmp] Multithreaded race condition (now supports thread-safe transfers)
* Fixed: [pmp_android] Embedded album art being deleted on transfers
* Misc: More general tweaks, improvements, fixes and optimizations
* Updated: [enc_fhgaac] Fraunhofer AAC Encoder v3.2.4
* Updated: [gen_jumpex] JTFE v1.2.5...

- http://www.securitytracker.com/id/1026404
Dec 12 2011
CVE Reference: CVE-2011-3834
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes  Vendor Confirmed: Yes  
Version: 5.622; possibly prior versions...
Solution: The vendor has issued a fix (5.623)...
... The original advisory is available at:
https://secunia.com/secunia_research/2011-81/ || https://secunia.com/advisories/46882/
Rating: Highly critical
Impact: System access
Where: From remote...
Solution: Update to version 5.623.
Dmitriy Pletnev of Secunia Research reported this vulnerability...

- http://h-online.com/-1394031
12 December 2011

 

[Winamp v5.63 released]

FYI...

Winamp v5.63 released
AVI/IT File Processing vulns
- https://secunia.com/advisories/46624/
Release Date: 2012-06-21
Criticality level: Highly critical
Impact: System access
Where: From remote ...
Solution: Update to version 5.63 Build 3234.
Original Advisory: Winamp:
http://forums.winamp.com/showthread.php?t=345684