Feeds

back to article Winamp blighted by bug brace

A brace of bugs in Winamp pose a serious security risk for users of the popular media player package, security watchers warn. The buffer overflow-related flaws in Winamp 5.x create a means for hackers to take over vulnerable systems. Flaws in a library (in_mp3.dll) involved in parsing Ultravox streaming metadata open up the door …

COMMENTS

This topic is closed for new posts.
Tim

Winamp

It's got a long history of security bugs, but I keep using it as I think it's the best Media Player (for Audio)

Everyone complains about how bloated it's got, but you can actually install it in a fairly minimum configuration.

Even that wouldn't have helped in this case though.

0
0
Coat

hmmm

"These boundary errors can be exploited to cause stack-based buffer overflows via overly long '<artist>' and '<name>' tag values in the <metadata> section,"

This means nothing to me...

Seriously we know AOL are rubbish but can they just cut Nullsoft loose so then can fix the totally broken Winamp we have these days? Its rubbish (like everything AOL have ever done), which is a shame as it used to be brilliant.

0
0
Joke

Why do I need to know this?

"This means nothing to me, ahhhh...."

I'll get me coat....

0
0
Coat

Llama

I thought it was Llama's that get expoited?

0
0
Dead Vulture

@Why...

you picked the wrong coat, IMNSHO... you should fetch his...

0
0
Jobs Halo

@Tim

May be best for Windows..

0
0
Coat

@Alistair + Dave

Vieennnnnaaaaaaaaa.....

Beat me to it

0
0
Thumb Down

@Why do I need to know this?

"the goggles, they do nothing"

then don't use them

yet another bad joke

/coat

0
0
Bronze badge
Coat

Ultravox!

John Foxx is the real Ultravox!

0
0
Linux

Who me ?

I use Amararok so no worries there

0
0
Coat

Overly long?

Like "I remember (Death in the afternoon)" ? Surely not!

We tuned the dial,

We heard the news,

And laughed,

We don't know why

0
0
Coat

Comments

There has certainly been a Passionate Reply or two on this topic...

VLC for me nowadays, though I Lament the passing of WinAmp - the development team All Stood Still :-}

0
0
Ian

Winamp

Personally, I think WinAMP, whilst still not what it was at it's peak is much better nowadays than it has been for years. It has many of the features back that were axed even when Nullsoft was independant so it's hard to blame AOL really.

They decided to do the whole re-write thing for some reason, god only knows why but the re-write resulted in more vulnerabilities and it caused them to take about 6 years to reimplement the features that only took them about 6months to get in the first time round.

0
0
Unhappy

Lament

Poor old Midge Ure. Joe Dolce keeps Vienna off number 1, Geldof gets all the credit for Live Aid, then UltraVox gets the blame for a WinAmp bug.

0
0
Coat

Reap the wild Winamp.

Reap the wild Winamp.

I'll get me long mac as worn in the Vienna video.

0
0
Anonymous Coward

I'm a winamp diehard, but...

...the main blight for me is its taking 50 second to start and 15 seconds to understand any given restore / minimize operation.

On the other hand, the built in shoutcast browser, permanently set to search for "State Of Trance", roxxors my soxxors. Or whatever the kids are saying nowadays.

0
0

@ David Wiernicki

50 Seconds to Start! Are you running^H^H^H^H^H crawling Vista? I have Winamp 5 and it loads the program and my 7000+ song playlist in less than 4. Granted though, my shoutcast is looking for DJ Tiesto, so that may be it... : )

0
0
Linux

I use Xine

it doesn't work half the time it's very safe.

0
0

Re: "I use Xine"

/usr/bin/play, surely....

Or you could just dd the bytes one by one into /dev/dsp :-p

Seriously though, Linux users are spoilt for choice: mplayer, sox, amarok, xmms, vlc, totem, juk ....

0
0
Boffin

XMMS

I still use XMMS. I've come to like it's Winamp-like interface without the 5.x bloat. I guess it's fairly forgotten now tho- I don't believe the 1.2.11 release last November had any mention on el reg?

0
0

Re:Lament

Lol Graham....that on just mad m spit coff ovr my kyboard and now th y that looks lik a backwards 3 dosn't work.

0
0
Happy

@ GrahamT

I rarely laugh out loud at comments, but that was funny as f*ck. My morning is now slightly more bearable, thank you.

0
0
Unhappy

Winamp no more

I've used Winamp for years but decided to swap after it seemed to develop so many bugs it started to crash randomly for me.

Maybe they need to code a little better and make it the player it once was. :(

0
0
Joke

Whats-amatta-you, eh?

It's-a-not so bad

shuduppayaface.

(now just to make the people cracking the ultravox fans cracking jokes feel bad the day you sat at home lamenting the fact joe dolce beat vienna to number 1 was the day I was born :)

0
0
Alert

Winamp 2

Ok, I still use winamp v2 (well, 2.95) and re-install from my archives each time I re-do a windows operating system (I like it, it doesn't try and sell me anything and it plays MP3's).

And for those who are not digital kleptomaniacs, there's always oldversion.com

0
0

Still the best media player there is

As only functioning as an MP3 player it's not the lightest but as a play everything media player then there's little to beat it on Windows IMO. Never found something it didn't know how to play.

What's the alternative, Windows Media Player, iTunes, Real Player? They're all hopeless by comparison.

0
0
This topic is closed for new posts.