Winamp Remote Code Execution Advisory
Source: SNP
I just received this 'heads up' warning about the popular audio player 'WinAmp' from the folks at Root Core : " Recently we have found a hole in the popular audio player Winamp that allows arbitrary code to be ran on the users machine. The problem is in the way Winamp handles certain urls for music streams. With a simple url Winamp can be tricked into downloading any file. This could be used to download ddos bots, virii etc . "
" We have contacted Nullsoft about this and have yet to get a answer. We are going to wait a few more weeks before we release the exploit code itself. For now we suggest anyone that uses winamp to check all urls before clicking them and update any virus scanning software you have. We see this as a high risk vulnerability and should be patched by the vendor ASAP."