FYI...Winamp v5.623 released
9 Dec 2011
* Fixed: mp3 decoding errors at end of file (should fix reported CD burning errors)
* Fixed: [aacdec] Detection of parametric stereo for AAC files made with older encoders
* Fixed: [enc_fhgaac] MP4 encoder not always closing on errors or aborted transfers
* Fixed: [in_avi] Crashing with certain malformed AVI files
* Fixed: [in_flac & in_mp4] Memory leaks
* Fixed: [in_mod] Bounds check for comments parsing
* Fixed: [pmp] Multithreaded race condition (now supports thread-safe transfers)
* Fixed: [pmp_android] Embedded album art being deleted on transfers
* Misc: More general tweaks, improvements, fixes and optimizations
* Updated: [enc_fhgaac] Fraunhofer AAC Encoder v3.2.4
* Updated: [gen_jumpex] JTFE v1.2.5...
Dec 12 2011
CVE Reference: CVE-2011-3834
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version: 5.622; possibly prior versions...
Solution: The vendor has issued a fix (5.623)...
... The original advisory is available at:https://secunia.com/secunia_research/2011-81/
Rating: Highly critical
Impact: System access
Where: From remote...
Solution: Update to version 5.623.
Dmitriy Pletnev of Secunia Research reported this vulnerability...
12 December 2011