back to article Winamp blighted by bug brace

A brace of bugs in Winamp pose a serious security risk for users of the popular media player package, security watchers warn. The buffer overflow-related flaws in Winamp 5.x create a means for hackers to take over vulnerable systems. Flaws in a library (in_mp3.dll) involved in parsing Ultravox streaming metadata open up the …

COMMENTS

This topic is closed for new posts.
  1. Tim

    Winamp

    It's got a long history of security bugs, but I keep using it as I think it's the best Media Player (for Audio)

    Everyone complains about how bloated it's got, but you can actually install it in a fairly minimum configuration.

    Even that wouldn't have helped in this case though.

  2. Alastair Dodd
    Coat

    hmmm

    "These boundary errors can be exploited to cause stack-based buffer overflows via overly long '<artist>' and '<name>' tag values in the <metadata> section,"

    This means nothing to me...

    Seriously we know AOL are rubbish but can they just cut Nullsoft loose so then can fix the totally broken Winamp we have these days? Its rubbish (like everything AOL have ever done), which is a shame as it used to be brilliant.

  3. Dave Fisher
    Joke

    Why do I need to know this?

    "This means nothing to me, ahhhh...."

    I'll get me coat....

  4. Daniel Bennett
    Coat

    Llama

    I thought it was Llama's that get expoited?

  5. Anonymous Coward
    Dead Vulture

    @Why...

    you picked the wrong coat, IMNSHO... you should fetch his...

  6. Joni Kahara
    Jobs Halo

    @Tim

    May be best for Windows..

  7. Anonymous Coward
    Coat

    @Alistair + Dave

    Vieennnnnaaaaaaaaa.....

    Beat me to it

  8. Jason Harvey
    Thumb Down

    @Why do I need to know this?

    "the goggles, they do nothing"

    then don't use them

    yet another bad joke

    /coat

  9. Jess
    Coat

    Ultravox!

    John Foxx is the real Ultravox!

  10. Anonymous Coward
    Linux

    Who me ?

    I use Amararok so no worries there

  11. Sacha TF Padovani
    Coat

    Overly long?

    Like "I remember (Death in the afternoon)" ? Surely not!

    We tuned the dial,

    We heard the news,

    And laughed,

    We don't know why

  12. Colin Wilson
    Coat

    Comments

    There has certainly been a Passionate Reply or two on this topic...

    VLC for me nowadays, though I Lament the passing of WinAmp - the development team All Stood Still :-}

  13. Ian

    Winamp

    Personally, I think WinAMP, whilst still not what it was at it's peak is much better nowadays than it has been for years. It has many of the features back that were axed even when Nullsoft was independant so it's hard to blame AOL really.

    They decided to do the whole re-write thing for some reason, god only knows why but the re-write resulted in more vulnerabilities and it caused them to take about 6 years to reimplement the features that only took them about 6months to get in the first time round.

  14. GrahamT
    Unhappy

    Lament

    Poor old Midge Ure. Joe Dolce keeps Vienna off number 1, Geldof gets all the credit for Live Aid, then UltraVox gets the blame for a WinAmp bug.

  15. Mark York
    Coat

    Reap the wild Winamp.

    Reap the wild Winamp.

    I'll get me long mac as worn in the Vienna video.

  16. Anonymous Coward
    Anonymous Coward

    I'm a winamp diehard, but...

    ...the main blight for me is its taking 50 second to start and 15 seconds to understand any given restore / minimize operation.

    On the other hand, the built in shoutcast browser, permanently set to search for "State Of Trance", roxxors my soxxors. Or whatever the kids are saying nowadays.

  17. Sean Nevin

    @ David Wiernicki

    50 Seconds to Start! Are you running^H^H^H^H^H crawling Vista? I have Winamp 5 and it loads the program and my 7000+ song playlist in less than 4. Granted though, my shoutcast is looking for DJ Tiesto, so that may be it... : )

  18. Anonymous Coward
    Linux

    I use Xine

    it doesn't work half the time it's very safe.

  19. Richard Neill

    Re: "I use Xine"

    /usr/bin/play, surely....

    Or you could just dd the bytes one by one into /dev/dsp :-p

    Seriously though, Linux users are spoilt for choice: mplayer, sox, amarok, xmms, vlc, totem, juk ....

  20. Anonymous Coward
    Boffin

    XMMS

    I still use XMMS. I've come to like it's Winamp-like interface without the 5.x bloat. I guess it's fairly forgotten now tho- I don't believe the 1.2.11 release last November had any mention on el reg?

  21. Andy Worth

    Re:Lament

    Lol Graham....that on just mad m spit coff ovr my kyboard and now th y that looks lik a backwards 3 dosn't work.

  22. Bruce Leyden
    Happy

    @ GrahamT

    I rarely laugh out loud at comments, but that was funny as f*ck. My morning is now slightly more bearable, thank you.

  23. Anonymous Coward
    Unhappy

    Winamp no more

    I've used Winamp for years but decided to swap after it seemed to develop so many bugs it started to crash randomly for me.

    Maybe they need to code a little better and make it the player it once was. :(

  24. sack
    Joke

    Whats-amatta-you, eh?

    It's-a-not so bad

    shuduppayaface.

    (now just to make the people cracking the ultravox fans cracking jokes feel bad the day you sat at home lamenting the fact joe dolce beat vienna to number 1 was the day I was born :)

  25. Anonymous Coward
    Alert

    Winamp 2

    Ok, I still use winamp v2 (well, 2.95) and re-install from my archives each time I re-do a windows operating system (I like it, it doesn't try and sell me anything and it plays MP3's).

    And for those who are not digital kleptomaniacs, there's always oldversion.com

  26. Matthew

    Still the best media player there is

    As only functioning as an MP3 player it's not the lightest but as a play everything media player then there's little to beat it on Windows IMO. Never found something it didn't know how to play.

    What's the alternative, Windows Media Player, iTunes, Real Player? They're all hopeless by comparison.

This topic is closed for new posts.