News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
August 20, 2014, 02:42:12
Pages: [1]   Go Down
  Print  
Topic: Winamp vuln - patch available  (Read 5414 times)
0 Members and 1 Guest are viewing this topic.
« on: May 04, 2007, 08:54:51 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8207



FYI...

> http://secunia.com/advisories/25089/
Last Update: 2007-05-04
Critical: Highly critical
Impact:   System access
Where: From remote
Solution Status: Vendor Patch
Software: Winamp 5.x
Solution: Apply Winamp 5.34a Security Patch:
http://download.nullsoft.com/winamp/client/wa5update.exe ...
Original Advisory: Nullsoft:
http://forums.winamp.com/showthread.php?threadid=269831#patch
http://forums.winamp.com/showthread.php?postid=2180629#post2180629
The vulnerability will also be addressed in the upcoming version 5.35..."

 Exclamation
« Last Edit: January 18, 2008, 13:51:35 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #1 on: October 12, 2007, 04:41:35 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8207



FYI...

Winamp FLAC Media File Processing Integer Overflows
- http://secunia.com/advisories/27223/
Release Date: 2007-10-12
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
...The vulnerabilities are reported in version 5.35. Other versions may also be affected.
Software: Winamp 5.x
Solution: Update to version 5.5.
http://www.winamp.com/player ...

 Shocked
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #2 on: January 18, 2008, 13:51:04 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8207



FYI...

Winamp vuln - update available
- http://secunia.com/advisories/27865/
Release Date: 2008-01-18
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Winamp 5.x
...Successful exploitation allows execution of arbitrary code.
The vulnerabilities are confirmed in versions 5.21, 5.5, and 5.51. Other versions may also be affected.
Solution: Update to version 5.52.
http://www.winamp.com/player

 Shocked
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #3 on: August 06, 2008, 02:19:36 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8207



FYI...

- http://secunia.com/advisories/31371/
Release Date: 2008-08-05
Critical: Moderately critical
Impact: Unknown
Where: From remote
Solution Status: Vendor Patch
Software: Winamp 5.x
...The vulnerability is reported in versions prior to 5.541.
Solution: Update to version 5.541 ...
Original Advisory:
http://forums.winamp.com/showthread.php?threadid=295505

 Exclamation
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #4 on: December 21, 2009, 09:38:42 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8207



FYI...

Winamp v5.57 released
- http://secunia.com/advisories/37495/2/
Last Update: 2009-12-18
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Winamp 5.x ...
Solution: Update to version 5.57.
http://www.winamp.com/media-player

- http://www.winamp.com/help/Version_History#Winamp_5.571_.28Latest.29

- http://www.theregister.co.uk/2009/12/21/winamp_update/

 Exclamation
« Last Edit: December 22, 2009, 03:52:30 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #5 on: July 14, 2010, 04:41:20 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8207



FYI...

Winamp v5.58 released
- http://secunia.com/advisories/40534/
Release Date: 2010-07-13
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution: Update to version 5.58 or later.
Original Advisory:
http://www.winamp.com/help/Version_History#Winamp_5.581_.28Latest.29

- http://www.winamp.com/media-player/en

- http://securitytracker.com/alerts/2010/Jul/1024207.html
Jul 14 2010

 Exclamation
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #6 on: November 30, 2010, 04:52:17 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8207



FYI...

Winamp v5.6...
- http://secunia.com/advisories/42004/
Release Date: 2010-11-30
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Solution: Update to version 5.6.
Original Advisory: Winamp:
http://forums.winamp.com/showthread.php?threadid=159785

- http://www.winamp.com/media-player/en
Winamp 5.6, Build 3080 (5.6.0.3080)

- http://www.winamp.com/help/Version_History#Winamp_5.6_.28Latest.29

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2586
CVSS v2 Base Score: 9.3 (HIGH)
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4370
CVSS v2 Base Score: 9.3 (HIGH)
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4371
CVSS v2 Base Score: 9.3 (HIGH)
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4372
Last revised: 12/03/2010
CVSS v2 Base Score: 9.3 (HIGH)
"... before 5.6 ..."

 Exclamation
« Last Edit: December 06, 2010, 13:16:09 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #7 on: December 07, 2010, 04:20:15 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8207



FYI...

Winamp v5.601 released
- http://secunia.com/advisories/42475/
Release Date: 2010-12-07
Criticality level: Moderately critical
Impact: Unknown
Where: From remote
Solution Status: Vendor Patch
... The vulnerability is reported in versions prior to 5.601.
Solution: Update to version 5.601.
Original Advisory: http://forums.winamp.com/showthread.php?s=&threadid=159785

- http://www.winamp.com/help/Version_History#Winamp_5.601_.28Latest.29
___

- http://secunia.com/advisories/44600/
Release Date: 2011-05-16
Criticality level: Highly critical
Impact:   System access
Where: From remote
Solution Status: Unpatched
"... vulnerability is confirmed in version 5.61. Other versions may also be affected..."

- http://www.winamp.com/help/Version_History#Winamp_5.61

 Exclamation
« Last Edit: June 03, 2011, 14:00:18 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #8 on: July 01, 2011, 09:57:43 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8207



FYI...

Winamp v5.62 released
- http://www.winamp.com/media-player/en
30 June 2011

- http://forums.winamp.com/showthread.php?t=332010
Winamp 5.62, Build 3161 (5.6.2.3161) - 30 June 2011
- http://www.winamp.com/help/Version_History#Winamp_5.62
___

- http://secunia.com/advisories/45028/
Last Update: 2011-07-05
Criticality level: Highly critical
Impact: System access
Where: From remote...
... The vulnerability is confirmed in version 5.6. Other versions may also be affected.
Solution: Update to version 5.62.

- http://secunia.com/advisories/44600/
Solution: Update to version 5.62.

 Exclamation
« Last Edit: July 08, 2011, 11:36:41 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #9 on: October 27, 2011, 04:55:01 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8207



FYI...

Winamp v5.622 released
- https://secunia.com/advisories/45279/
Release Date: 2011-10-27
Criticality level: Highly critical
Impact: System access
Where: From remote
... vulnerabilities are confirmed in version 5.621. Prior versions may also be affected.
Solution: Update to version 5.622.
Original Advisory: Winamp:
http://forums.winamp.com/showthread.php?t=332010

 Exclamation
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #10 on: December 13, 2011, 05:26:40 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8207



FYI...

Winamp v5.623 released
- http://forums.winamp.com/showthread.php?t=332010
9 Dec 2011
Winamp 5.623
* Fixed: mp3 decoding errors at end of file (should fix reported CD burning errors)
* Fixed: [aacdec] Detection of parametric stereo for AAC files made with older encoders
* Fixed: [enc_fhgaac] MP4 encoder not always closing on errors or aborted transfers
* Fixed: [in_avi] Crashing with certain malformed AVI files
* Fixed: [in_flac & in_mp4] Memory leaks
* Fixed: [in_mod] Bounds check for comments parsing
* Fixed: [pmp] Multithreaded race condition (now supports thread-safe transfers)
* Fixed: [pmp_android] Embedded album art being deleted on transfers
* Misc: More general tweaks, improvements, fixes and optimizations
* Updated: [enc_fhgaac] Fraunhofer AAC Encoder v3.2.4
* Updated: [gen_jumpex] JTFE v1.2.5...

- http://www.securitytracker.com/id/1026404
Dec 12 2011
CVE Reference: CVE-2011-3834
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes  Vendor Confirmed: Yes  
Version: 5.622; possibly prior versions...
Solution: The vendor has issued a fix (5.623)...
... The original advisory is available at:
https://secunia.com/secunia_research/2011-81/ || https://secunia.com/advisories/46882/
Rating: Highly critical
Impact: System access
Where: From remote...
Solution: Update to version 5.623.
Dmitriy Pletnev of Secunia Research reported this vulnerability...

- http://h-online.com/-1394031
12 December 2011

 Exclamation
« Last Edit: December 13, 2011, 06:51:58 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #11 on: June 21, 2012, 09:23:57 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8207



FYI...

Winamp v5.63 released
AVI/IT File Processing vulns
- https://secunia.com/advisories/46624/
Release Date: 2012-06-21
Criticality level: Highly critical
Impact: System access
Where: From remote ...
Solution: Update to version 5.63 Build 3234.
Original Advisory: Winamp:
http://forums.winamp.com/showthread.php?t=345684

 Exclamation
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #12 on: December 17, 2013, 22:19:11 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8207



FYI...

Winamp ends - 12.20.2013 ...
- http://www.winamp.com/media-player/en
"Winamp.com and associated web services will no longer be available past December 20, 2013. Additionally, Winamp Media players will no longer be available for download. Please download the latest version before that date. See release notes for latest improvements to this last release. Thanks for supporting the Winamp community for over 15 years."

 Sad
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
 
Pages: [1]   Go Up
  Print  
 
Jump to:  

Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Page created in 0.85 seconds with 19 queries.