View previous topic ::
View next topic
|
Author |
Message |
j2brown
Commodore
Joined: Feb 22, 2002
Member#: 9
Posts: 3188
Location: Sterling, VA
|
|
|
JERIC
Fleet Admiral (Proprietor)
Joined: Feb 12, 2002
Member#: 1
Posts: 4939
Location: Richmond, VA
|
Posted:
Fri Aug 27, 2004 7:23 am Post subject: |
|
Wow! I suggest QCD or Radio365 until a patch comes out to fix the vunerability. _________________ "Are you not entertained? Are you not entertained? Is this not why you are here?." -Maximus
Please do not PM me. Use email, Feedback or Contact Us links. |
|
|
Cocles
Commodore
Joined: Mar 06, 2002
Member#: 15
Posts: 2587
Location: Los Angeles, CA
|
Posted:
Fri Aug 27, 2004 7:28 am Post subject: |
|
From a buddy of mine,
Winamp 2 is NOT affected. Winamp 5 Lite is also NOT affected.
If you unchecked "Modern Skin Support" in the installer you are also
NOT affected.
You can even remove Modern Skin Support just by renaming Program
Files\Winamp\Plugins\gen_ff.dll to gen_ff.dll.old. This will remove the
exploit.
If you fix this way, you will only be able to use classic skins. |
|
|
Caliburn
Guest
|
Posted:
Fri Aug 27, 2004 7:33 am Post subject: |
|
new skin is not even installed here :-) |
|
|
JERIC
Fleet Admiral (Proprietor)
Joined: Feb 12, 2002
Member#: 1
Posts: 4939
Location: Richmond, VA
|
Posted:
Fri Aug 27, 2004 7:58 am Post subject: |
|
Good to know. I keep mine on the SST skin of course. _________________ "Are you not entertained? Are you not entertained? Is this not why you are here?." -Maximus
Please do not PM me. Use email, Feedback or Contact Us links. |
|
|
Jazzman
Lieutenant
Joined: Jul 20, 2004
Member#: 7365
Posts: 100
Location: Utah, USA
|
Posted:
Fri Aug 27, 2004 10:48 am Post subject: |
|
Someone was saying that keeping it on some skin all the time isn't enough to protect you. Anyone know if that's true? I actually use a winamp general plugin that provides a different (non-skinnable) UI altogether. But since the main window is still running (just not visible) I suppose I'm still vulnerable. I'll rename my gen_ff.dll right now. Thanks for the tip, Cocles. _________________ All I ask is for a chance to prove that money can't buy happiness. |
|
|
Techo
Lieutenant
Joined: Feb 12, 2004
Member#: 5054
Posts: 182
|
Posted:
Fri Aug 27, 2004 1:05 pm Post subject: |
|
Thanks for the info.
Quote: |
The company said the default installation of WinAmp registers the WSZ file extension and includes an instruction to Windows and Internet Explorer to automatically open the files. It leads to the fake WinAmp skin being automatically loaded into the media player.
|
So if you remove the association between *.wsz files and winamp you can be safer? since Windows won't know which application is associated with the file and therefor winamp won't execute it.
For Windows Explorer goto the menu Tools->Folder Options->File Types and delete the WSZ entry in the list. I tried it and WinAMP didn't add the entry back after restarting it, and everything still seems to work just fine as it did before.
edit:
You can also prevent IE from auto opening the file if you do have it associated with a program, find the file extension in the "File Types" list, click "Advanced" and check "Confirm open after download" |
|
|
Nr2000
Lieutenant Junior Grade
Joined: Apr 06, 2003
Member#: 603
Posts: 89
Location: Denmark
|
Posted:
Fri Aug 27, 2004 4:35 pm Post subject: |
|
Nullsoft has now released Winamp 5.05. The serious security flaw should be fixed in this version.
Download Winamp 5.05 - Full
Download Winamp 5.05 - Lite
Last edited by Nr2000 on Sat Dec 04, 2004 10:28 am; edited 1 time in total |
|
|
Tron
Lieutenant Commander
Joined: Dec 13, 2003
Member#: 4034
Posts: 319
Location: Belgium
|
Posted:
Fri Aug 27, 2004 4:37 pm Post subject: |
|
[edit] => 2000's post. Good to have my winamp back after 2 horrible minutes |
|
|
Techo
Lieutenant
Joined: Feb 12, 2004
Member#: 5054
Posts: 182
|
Posted:
Fri Aug 27, 2004 6:06 pm Post subject: |
|
vroooom , That was fast |
|
|
PeteC
Commander
Joined: Nov 26, 2003
Member#: 3796
Posts: 587
Location: Evanston, IL
|
Posted:
Sat Aug 28, 2004 9:59 pm Post subject: |
|
Thanks for the info. Appreciated. _________________ All in the world recognize the
beautiful as beautiful. Herein
lies ugliness. All recognize the
good as good. Herein lies evil. |
|
|
Patje
Lieutenant
Joined: Mar 31, 2003
Member#: 482
Posts: 212
Location: The Netherlands
|
Posted:
Sun Aug 29, 2004 9:22 am Post subject: |
|
JERIC wrote: |
Good to know. I keep mine on the SST skin of course. |
Of course
To "Nr.2000" : Thanx. _________________ In a world without justice, one man was chosen to protect the innocent. |
|
|
Nr2000
Lieutenant Junior Grade
Joined: Apr 06, 2003
Member#: 603
Posts: 89
Location: Denmark
|
Posted:
Sat Nov 27, 2004 1:35 pm Post subject: |
|
There has been found a new serious security flaw in Winamp 5.05 and previous versions. Nullsoft has now released Winamp 5.06, the exploit may not be completely fixed in this new version! A version 5.06a or version 5.07 may soon be released.
http://secunia.com/advisories/13269/
Download Winamp 5.06 - Full
Download Winamp 5.06 - Lite
Last edited by Nr2000 on Sat Dec 04, 2004 10:27 am; edited 1 time in total |
|
|
Nr2000
Lieutenant Junior Grade
Joined: Apr 06, 2003
Member#: 603
Posts: 89
Location: Denmark
|
Posted:
Sat Dec 04, 2004 10:26 am Post subject: |
|
Winamp 5.07 have now been released by Nullsoft. The security flaw should be fixed in this new version. Please upgrade now.
http://secunia.com/advisories/13269/
Download Winamp 5.07 - Full
Download Winamp 5.07 - Lite
Last edited by Nr2000 on Sat Jan 15, 2005 10:16 am; edited 1 time in total |
|
|
soundTrack_nut
Lieutenant Junior Grade
Joined: Aug 08, 2003
Member#: 2714
Posts: 64
Location: Fairfax, VA
|
Posted:
Sat Dec 11, 2004 10:42 am Post subject: |
|
Never heard about this until I got on the site. Just dled it. Thanks! Winamp is the best! _________________ Stargate SG1
Stargate Atlantis
Battlestar Galactica
Returning January - SciFi Channel |
|
|
|