Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Security Media Music

WinAmp Security Hole Discovered, Patched 393

Posted by simoniker from the cha-cha-oops dept.
Sbarbero writes "According to Techworld.com, a significant security hole has been discovered in NullSoft's WinAmp, meaning everyone should upgrade to the 5.03 version the makers have just put out right now. Security company NGS has found that the exploit 'can be activated remotely simply by rendering a specially crafted html document' and will run arbitrary code - they have a full advisory on their site." Oddly enough, the vulnerability is in the playback for the classic .XM 'tracker' music format.
This discussion has been archived. No new comments can be posted.

WinAmp Security Hole Discovered, Patched More

WinAmp Security Hole Discovered, Patched

Comments Filter:

  • Er... (Score:2, Interesting)

    by James A. M. Joyce ( 764379 )
    "activated remotely simply by rendering a specially crafted html document" Wouldn't that only make it a problem for those people who actually use the Winamp minibrowser? (I.E., very few people?)

    • Re:Er... (Score:4, Insightful)

      by Doesn't_Comment_Code ( 692510 ) on Monday April 05, 2004 @04:07PM (#8773175)
      I haven't used WinAmp in quite a while, so I can't remember. Does WinAmp allow dynamic loading of embedded content, as in: you play a song, which has an embedded script that opens an html document for you? I seem to remember one of the players doing this. I'm pretty sure Windows Media Player does this. If WinAmp does, it would make the problem much more dangerous.

    • Re:Er... (Score:2, Informative)

      by Anonymous Coward
      You can <embed> .XM files into a HTML document and if WinAmp is set as the handler for that MIME type, it will probably automatically launch it (or something).

    • Re:Er... (Score:5, Informative)

      by TheFlyingGoat ( 161967 ) on Monday April 05, 2004 @04:12PM (#8773225) Homepage Journal
      It doesn't just affect people who use the minibrowser. If you have Winamp set up as the default program for xm files, you're vulnerable. All someone would have to do is redirect the web page to a malformed page that sends a Content-Type: audio/xm (or whatever) header. This would execute Winamp, attempt to load the location, and cause problems.

    • Re:Er... (Score:3, Funny)

      by los furtive ( 232491 )
      I doesn't matter if its the browser being used. But to answer your question , I never used the browser until they started adding streaming video to their library...now 'certain' channels bring up the browser every 60 seconds or so. But I can usually put up with it for the 5-6 minutes that I need.
  • I see nullsoft have also used this opportunity to force all us old Winamp 2.9 users to upgrade to the bloated POS Winamp 5 player.

    Some of us just want an MP3 player - we don't need cpu-hogging visualisations, 100s of "cool" skins, or any of the rest of it.

    Time to give some of the other players a try, methinks...

    </rant>

    • Re:Where's my patched 2.9x? (Score:5, Informative)

      by The Human Cow ( 646609 ) on Monday April 05, 2004 @04:07PM (#8773174) Homepage
      Last time I checked, Winamp 5 used much the same amount of system resources as Winamp 2.
      Winamp 3, on the other hand, is a whole different ball game.
      • Not for me. The "Load file" dialogue that pops up when you click the "eject" button takes about 10 times longer to appear under Winamp 5. And since that's one of the only two buttons I ever click (the other being play/pause), I've always preferred 2.9x.

        I'm prepared to accept that Winamp 3 was even worse though :-)

        • Re:Where's my patched 2.9x? (Score:2, Informative)

          by Anonymous Coward
          You are probably not using the Classic skin then. I had the new modern skin turned on and it's a real pig. Go back to the Classic skin though and Winamp5 becomes the same as Winamp2
          • I just tried that with the classic skin, and he's right. The first time took several seconds, but after that it's fast (once Winamp has cached the directory contents I assume). I've never noticed because I always use the 'Insert' key. (load entire directory at once)
        • > I've always preferred 2.9x.

          I've preferred 2.0x to the 2.9x versions. I are teh uber luddite :)

          IIRC, somewhere between 2.09 and 2.91, WinAmp stopped including track lengths when you used "Generate HTML playlist", presumably because track length estimation was nontrivial on certain MP3s with borked VBR headers, etc.

          Fun project for tonight - try this exploit on the really old stuff. .MOD is certainly old enough that in_mod.dll might still be in the plugin directory of the old versions.

          Shame

    • Re:Where's my patched 2.9x? (Score:5, Informative)

      by Eponymous Cowboy ( 706996 ) on Monday April 05, 2004 @04:08PM (#8773180)
      Just do what I did, on 2.80:

      Delete in_mod.dll from the "Plugins" directory.

      Hole: Patched.

      Who uses MOD/XM files anymore anyways?
    • I use Irfanview [irfanview.com] with the "all pluggins" patch to play MP3 files and streams. Great light footprint media player and image viewer.

    • Re:Where's my patched 2.9x? (Score:5, Funny)

      by Doesn't_Comment_Code ( 692510 ) on Monday April 05, 2004 @04:09PM (#8773199)
      bloated POS Winamp 5 player

      You know your media player is too big when all the eye candy slows your older computers to the point they can't play mp3's without choking.

    • wrong. (Score:5, Informative)

      by honold ( 152273 ) on Monday April 05, 2004 @04:12PM (#8773226)
      winamp3 was the bloated piece of crap. winamp5 [winamp.com] is not a bloated piece of crap. they dropped wasabi [wasabidev.org]. please check your facts before making posts.

      • Really? (Score:2)

        by ZxCv ( 6138 ) *
        they dropped wasabi.

        Really?

        Going from the link to Wasabi that you provided, I stumbled upon their license page [wasabidev.org], which specifically says that Winamp 5 uses Wasabi:

        "Wasabi is not totally open-source: the core skinning and Maki scripting framework (wasabi.dll) is still closed-source, as it is used in Nullsoft's flagship product Winamp 5."

        Obviously, I could just be missing something. But it sure seems like Wasabi is indeed used in Winamp 5.

      • Re:wrong. (Score:4, Interesting)

        by phoenix.bam! ( 642635 ) on Monday April 05, 2004 @04:50PM (#8773580)
        I wish people bothered to actually learn what Wasabi is. Winamp3 used Wasabi to showcase the technology. It is a scripting language that can do anything (IE: be an mp3 player.) Winamp5 incorporates Wasabi, but it does not run on it. (Winamp5 is ACTUALLY the next version of Winamp2, with parts from Winamp3, hence 2+3=5)

      • Re:wrong. (Score:3, Informative)

        by LucidityZero ( 602202 )
        Recommended system requirements

        * 1.5 GHz Pentium IV or comparable
        * 128MB RAM
        * 30MB Hard Disk Space
        * 32bit Sound Card
        * Windows 2000, Windows XP
        * 8x speed or greater CD Burner (Required for Burning)
        * 16x speed or greater CDROM (Required for Ripping)


        And it's not bloated?

        • Re:wrong. (Score:2, Funny)

          by Anonymous Coward
          Be sure to buy a computer that wasn't manufactured in fucking 1956 Soviet Russia, asshole.
    • Winamp 5 *is* winamp 2, it just has a load of extra plugins, to give it all the cool features of 3. Disable all the extra things like modern skinning and such, and all you have left is winamp 2 + bugfixes + misc non-bloat improvements.

  • Thank goodness (Score:5, Funny)

    by ackthpt ( 218170 ) * on Monday April 05, 2004 @04:06PM (#8773160) Homepage Journal
    Thank goodness I don't listen to music/radio on my computer. You never know where such a thing could lead to.

    Hi from Napster! We've been tracking your listening habits and suggest the following music...Barry Manilow, Air Supply, Leo Sayer. If you act now and buy, we won't tell your friends or neighbors.

  • What I think everyone wants to know is... (Score:5, Interesting)

    by Bytal ( 594494 ) on Monday April 05, 2004 @04:06PM (#8773161) Homepage
    whether this affects the old 2.x series?

  • Damnit! (Score:5, Funny)

    by teamhasnoi ( 554944 ) <teamhasnoi@@@yahoo...com> on Monday April 05, 2004 @04:06PM (#8773165) Journal
    When is the Mac version of this exploit coming out?

    I am so tired of waiting.

  • Upgrade to foobar instead. (Score:5, Informative)

    by eddy ( 18759 ) on Monday April 05, 2004 @04:10PM (#8773208) Homepage Journal

    You can always upgrade to http://www.foobar2000.org/ [foobar2000.org] instead. No more nonstandard interface, a decent mass-tagger, excellent replay-gain support, etc. What's not to like?

    • No media library.
      • No media library.

        Sure there is - From the Foobar2000-> Preferences menu, select Database, and ensure that your mp3 dir is listed in the "Restrict Directories to" box. If you only want specific file types rather than anything foobar can play, restrict file types to *.mp3;*.ogg for example.

        Now hit the Scan button and wait a few.

        Next up is Components->Album List. Boom boom there ya go. As you add new mp3s to your playlist, if they are in your previously mentioned directories, they will be auto-a

  • xm? (Score:2)

    by JaxWeb ( 715417 )
    I've never used a Fastrack XM file in my life. Is this a widely used format?

    • Re:xm? (Score:5, Informative)

      by understyled ( 714291 ) on Monday April 05, 2004 @04:24PM (#8773332) Homepage Journal
      back before mp3 was an option MODs were the shit. XM in particular had numerous things going for the format, including a nicely designed tracker (Fasttracker 2). I was into modding and tracking myself, but i stuck to Impulse Tracker. both programs are quite similar.. but to answer your question, is this a widely used format? it was. the digital music archive [s3m.com] has numerous xm songs, if you're an unbeliever. i'm sure google [google.com] has something to say about XM too.

  • WinAmp Use (Score:5, Interesting)

    by Eberlin ( 570874 ) on Monday April 05, 2004 @04:11PM (#8773218) Homepage
    Is WinAmp the free multimedia player of choice for Windows users? I know we've always talked about how Windows Media Player is eeeevil and RealPlayer is spyware. Where does WinAmp kick in? Does it do video or is it just a music thing? (like a free alternative to MusicMatch Jukebox or whatnot) It has been ages since I've follwed up (as a Linuxer I go between noatun and xmms)

    Basically, I guess the question is how to make a strong case for WinAmp use. I already sing the praises of Firefox and recommend OpenOffice to folks who don't want/can't shell out $$ for MS Office. I recommend AVG as a free virus-scanner. Same with ZoneAlarm, Spybot S&D, and Ad-Aware. What winning argument do I use to say "use WinAmp instead of..." to Windows users who ask?

    • Re:WinAmp Use (Score:3, Interesting)

      by DarkkOne ( 741046 )
      Most people who use winamp use it primarily for MP3s. I honestly can't suggest it for video playback. It's never worked well for me.

      What I will suggest for media playback in general is "Media Player Classic" available at sourceforge. I don't know what the general consensus is here, but for me, it has done what I've asked it to do, and that's good enough for me.
      • I recomend Jet Audio at http://www.jetaudio.com/ for video. Best I've run into yet.
        • I followed your link to JetAudio (I'm always looking for a WinAmp alternative simply because I've used the same program for almost seven years now).

          This is the ugliest web site that I've ever seen! If I didn't know that this was some kind of audio file player software, I never would have known.

          I love the part where they say to download the freeware program and then list all of the features of the U-Pay version. From the description, I couldn't determine one difference between the U-Pay and the 'fr
      • What about Winamp5 doesn't work well for video? I personally have a plethora of cartoons in various playlists, and I watch them in random order all day long while I work. I've found that its an excellent alternative to TV, which I don't have in my office at work (anymore). That, and it helps to keep the suicidal tendancies of work down, you know.

        The only time I use another media player for anything is mplayer2 for porn, and thats only so I can watch lots at once.

        • WA5 always crashes on me when I try to play a video from Section-E [section-e.org]. I believe their videos use MPEG-4 video and AC3 audio and something about that doesn't jibe with WA5. They play back fine in WiMP and PowerDVD.

          WiMP is my player of choice usually since it has easily an easily accessible controls for adjusting brightness, contrast etc. of a video. My monitor is pretty dark for some reason and I always have to boost the brightness in order to see anything. WA5 doesn't have any controls for this as far as
      • Most people who use winamp use it primarily for MP3s. I honestly can't suggest it for video playback. It's never worked well for me.

        I use winamp 5.x primarly for video playback, I find it to work quite well. I can see where you are comming from though... I have another PC and dispite the fact it has a faster CPU... I find that winamp's video play back on it is a touch slugish... I think it's running an ATI rage 128 or some such, where the PC it runs well on is a G-force lame edition.

        I also used winamp

    • Re:WinAmp Use (Score:3, Informative)

      by BFaucet ( 635036 )
      Winamp is pretty much XMMS... It does video to.

      I recommend it as an audio player, but I like Media Player Classic for video.

      history of Winamp:
      http://www.time.com/time/digital/reports / mp3/frank el1.html

      Actually I think the fellows who made XMMS wanted a Linux version of Winamp... in fact XMMS skins are the same format as the old winamp skins.

      Anyway... I like it well enough... I think it's suffered from bloat since Frankel sold NullSoft to AOL, but it's all good.

      Get Winamp 2.X if you want just a good au

      • Re:WinAmp Use (Score:3, Insightful)

        by Roofus ( 15591 )
        Actually I think the fellows who made XMMS wanted a Linux version of Winamp... in fact XMMS skins are the same format as the old winamp skins.

        Yes. Winamp was out before XMMS. Actually, XMMS used to be called X11Amp, which was when I first tried it.

        Let me tell you, when X11Amp first came out, it wasn't even close to the quality and features that Winamp had. It was the best thing around for Unix MP3 playback though, and it's improved and matured greatly since then.

    • Re:WinAmp Use (Score:2, Interesting)

      by crabpeople ( 720852 )
      the one great use that IMHO beats hands down any other media player, is the use of Hotkeys in winamp 5. with this turned on (not on by default) you have a whole range of keyboard shortcuts that can be used to control winamp.

      some ones i use every day are CTRL + ALT + PG DOWN to forward the track, CTRL + ALT + Down Arrow , to lower volume for when phone rings and CTRL + ALT + Insert to restart a track. there are many others to do basically any function. you can change them to whatever you want as well. Prima

    • It has been ages since I've follwed up [since I'am a] Linuxer (...)

      Basically, I guess the question is how to make a strong case for WinAmp use. I already sing the praises of Firefox and recommend OpenOffice to folks who don't want/can't shell out $$ for MS Office. I recommend AVG as a free virus-scanner. Same with ZoneAlarm, Spybot S&D, and Ad-Aware. What winning argument do I use to say "use WinAmp instead of..." to Windows users who ask?

      Why would you care ? It's not that there are no Windows users

    • Re:WinAmp Use (Score:4, Insightful)

      by Jester99 ( 23135 ) on Tuesday April 06, 2004 @12:54AM (#8777145) Homepage
      What winning argument do I use to say "use WinAmp instead of..." to Windows users who ask?

      It really whips the llama's ass! :)

  • Wow (Score:5, Interesting)

    by GarfBond ( 565331 ) on Monday April 05, 2004 @04:12PM (#8773224)
    I can't believe people are actually complaining about winamp bloat. Winamp has been one of the better examples of not-bloat. Sure, 5 is worse than 2, but it's better than 3, and much of the CPU-hogging goes away when you go back to classic skins. For me, the enqueue function makes it well worth it.

    I think the only way you can get less bloated is if you used something like mpg123. XMMS is a winamp-clone on linux anyway.
    • From what I read, the sound engine is still pretty much the same in 2.x, 3.x., and 5.x. This is excluding the sound plugins for enhancements. I still use v2.91 since it still works well and I don't see anything in 5.x that I need.
    • For me, the enqueue function makes it well worth it.

      You could enqueue with Winamp 2.x.
  • I'm sure the millions of people who use Winamp as their main browser will not like this at all.

    And since winamp uses IE for web page rendering people are used to so high standards for security.

    bummer.
  • I used to track mods on the Amiga (protracker) and PC (Fast Tracker2). It was a fairly common occurence for people to load text/image files into songs as a playable instrument within a music module. You could then transfer the module (which contains both the instrument samples & the pointers to the coded music (it's all addressed through HEX!)) and then extract the datafile (save instrument as...) then view it in your favorite image viewer or text editor....

    FYI:
    Data files as instruments do not really s

  • Mikamp module (Score:5, Interesting)

    by execom ( 598566 ) on Monday April 05, 2004 @04:16PM (#8773263) Homepage Journal
    If I remember, Winamp uses a modified version of Mikmod, a well known module player, which is also available in some Linux distro.

    Will this bug be updated in mikmod as well ?

    I hope that one day, Winamp will drop Mikamp and use Modplug instead, which sources has been released and it the best player on Win32 (mikmod sounds horrible on Windows, and is buggy).

    Also modplug plays more formats and is better, although is win32 only;
    • I agree that ModPlug [castlex.com] should be used. I use its player for MOD, S3M, XM, 669, etc. weekly. In fact, I am using it right now to listen to a MOD song. It is a great Windows player for headphones and nice speaker setup!

    • Re: (Score:2, Informative)

      by account_deleted ( 4530225 )
      Comment removed based on user account deletion

  • Why are you using Winamp to play XM's anyway? (Score:5, Informative)

    by spyrochaete ( 707033 ) on Monday April 05, 2004 @04:20PM (#8773299) Homepage Journal
    Since version 2, Winamp has been notorious for playing MOD, XM, S3M, and related files inaccurately. It fudges up a lot of the effects, particularly portamento (note slide) and key-off commands. You all should be using ModPlug Player [modplug.com] to play these formats! It ain't perfect but it's the best Windows player there is.

    Why get this player? So that you can drink deeply from the cup of BBS\Internet history! Check out some [hornet.org] MOD [scene.org] sites [wustl.edu] and dig some chippy goodness!

    SHAMELESS PLUG -- Be sure to scope out my MODs [onlinehome.us] as well!

  • Don't load in startup (Score:5, Insightful)

    by DR SoB ( 749180 ) on Monday April 05, 2004 @04:20PM (#8773301) Journal
    Here's an idea to keep yourself free from these type of third party software security issues.

    Don't have it automatically load at boot. Simple! Next, change your association's to only load the files you want (for example, I don't know _anyone_ that uses Winamp for more then video playing and mp3's, what's with the .XM files?) So, go to command prompt (or your favourite association editor) and type ASSOC and change the association of .XM files.. Pretty simple.. In fact, change all associations except .WAV, .MP3 and .MPEG (or whatever video/audio formats you prefer), that deal with Winamp.

    Another way to change file associations is to go into Explorer, "Tools" pull down menu, select "Folder Options", click the tab "File Types" and you can delete them from here.

    Now this solves the loading problem, if it loads only when you click on your MP3 you don't have to worry about it leaving open ports (this goes for any third party software you don't need running all the time..). Not only will this prevent this sort of attack, but you'll get some freed resources, and a faster boot time, 'to boot'!..
    • what's with the .XM files? .XM files are one of the common extentions for "modules", music files with sampled instruments - the music is not in audio format, but in the form of instruments and several "tracks", telling which note to play at any given time (that's a generalization)

      Modules are quite popular in the electronic scene, and if you got the right player, usually sound much better than the equivalent MP3.

      Plus, if you are into MAKING electronic music, with a module you have the actual SOURCE for it

    • Another way to change file associations is to go into Explorer, "Tools" pull down menu, select "Folder Options", click the tab "File Types" and you can delete them from here.

      Winamp is a bit tricky with file associations. There's a blanket file type called "Winamp Media File" (or something like that...I'm on my Mac right now so I can't check) which includes all of the file extensions that Winamp handles. If you go into The "Folder Options" it's not as simple as sending mp3 to Winamp, but ogg vorbis to

  • No upgrade required (Score:5, Informative)

    by Anonymous Coward on Monday April 05, 2004 @04:23PM (#8773321)
    If for some reason it is impossible to download the updated version of
    Winamp, the vendor has informed NGSS that it is possible to disable the
    handling of Fasttracker 2 module files by taking the following steps:

    1. Right click the Winamp player, go to 'Options' and then to
    'Preferences...'.

    2. In the new window which loads, go to 'Plug-ins' and 'Input'.

    3. Look for the input plug-in items 'Nullsoft Module Decoder' and double
    click it to bring up the 'Nullsoft Module Decoder Preferences' window.

    4. Select the 'Fasttracker 2' loader and deselect the 'Enabled' checkbox to
    the right of the loaders list.

    5. Close all of the option windows and return to the main player.

  • Third Party Software Sucks (Score:5, Funny)

    by Mordack ( 756812 ) on Monday April 05, 2004 @04:29PM (#8773383)

    Crap like this is why you should never use third party software like Winamp. Stick with Microsofts line of quality products and you'll be safe.

    Seriously, just look at the time it took to fix this bug. I could almost read the entire headline before the fix. The bug took as long to fix as to read the comma between "Discovered" and "Patched". I expect better from Third Party software.

    Until Third Party software is able to show they care about their products I can only recommend that you stick with 100% Microsoft Approved Solutions.

  • More than a security fix (Score:5, Informative)

    by superyooser ( 100462 ) on Monday April 05, 2004 @04:31PM (#8773409) Homepage Journal
    Many small bug fixes and improvements [winamp.com] are included in this new version (5.03) just from 5.02. Also interesting is that they removed AOD (those annoying AOL On Desktop links) from the installer.
    * fixed a crash bug when playing some AVI files in in_dshow
    * added multimedia keyboard keys in global hotkeys default configuration
    * added "Manual playlist advance" in Repeat button popup menu in Classic mode
    * improvements in MP3 encoder configuration (added --alt-preset standard, etc...)
    * made the tabs in the preferences XP correctly themed under Windows XP
    * revamped the Media Library preferences a bit
    * new experimental WMA9 input plugin
    * gen_jumpex updates from DrO
    * added "Nuke library" action in Media Library
    * more upside down videos fixes
    * fixed crash if a plugin generated a pledit wm_windowposchanged on shutdown
    * fixed crash exploit in in_mod (thanks Peter Winter-Smith)
    * fixed various crashes in in_midi when playing invalid files
    * made in_midi store its settings in winamp.ini instead of the registry
    * fixed error during installation on computers with chinese/oriental regional settings
    * removed AOD from installer
    * added Shift-R to toggle manual playlist advance
    * updated VP6 video decoder to latest VP6.2 code
    * fixed crash when launching winamp with very long filenames from explorer
    * made registration dialog to appear in Explorer's taskbar when installing pro version
    * fixed pledit/video windows showing up at startup when minimized
    * modern skins updates :
    - winamp modern skin now uses a 3 state repeat button: no repeat/repeat all/repeat track
    - added appplication desktop toolbars capabilities for layouts, add appbar="left|top|right|bottom" to
    use them
    - upped maki binary version, improved stack protection
    - current skin version number is 1.2 (this should not change for a long while now, and of course we continue
    to support 0.8 to 1.1)
    - (very) limited maki debugger (for now you can bring it up with invokeDebugger(); in a script then use 'x'
    - to continue and 'i' to trace into)
    - fixed obscure capture problem with dragging windows
    - fixed rectrgn being forced to 1 in xml xuiobject buttons that are originally imageless
    - fixed hilited state not on after clicking on buttons while the mouse stays in area
    - fixed scripted onEnterArea/onLeaveArea not being always correctly called while mouse button stays down
    - fixed getToken being passed NULL throwing guru
    - fixed clipping of painting within the background's region of a group rather than within the composed
    region (the one you can change with sysregion)
    - fixed image cache problem when using the same bitmap as a map and a button image parameter

  • Fix for winamp 2.91 (Score:4, Informative)

    by C32 ( 612993 ) on Monday April 05, 2004 @04:33PM (#8773420)
    Just do a minimal install of 5.03 (without letting it integrate into the shell, etc) and copy the new in_mod.dll from /winamp5dir/plugins to /winamp2.91/plugins..

    While you're at it; all the new and updated input plugins (in_mp3, in_midi, etc) seem to work just fine in 2.91.
  • The core Foobar2000 is quite slim and....
    you can choose to download and install the open source components (official or third parties) that you want....
    this is customization as it should be.
  • Now is a good time to do that, if you're already going through the trouble of a download and a re-install.

  • Fresh from the llama's ass (Score:3, Informative)

    by t0qer ( 230538 ) on Monday April 05, 2004 @04:51PM (#8773587) Homepage Journal
    This quality karma whoring brought to you by toqerTV [205.188.234.33]

    Hot off #nullsoft

    i don't even think the exploit is in our code
    ron, is the exploit in the decoder?
    isn't it in mikmod
    When is the Mac version of this exploit coming out?
    I am so tired of waiting.
    hehe
    i don't think we even wrote that xm decoder
    *** Quit: statsbot (Ping timeout: 180 seconds)
    *** Join: DrunkenMaster (DM@adsl-66-159-200-78.dslextreme.com)
    `steev: the exploit was in the mikmod library that's used by in_mod for xm decoding
    so its not even our code heh
    yeah
    there you go
    it's not even our fault the exploit exists

    So this isn't even a winamp bug, it's a mikmod bug.
  • Because of the type of files affected by this bug, this thread may be the most appropriate to ask it: being that FastTracker 2 [gwinternet.com] is a bit outdated, what tracker software are people currently using?

    I'm no music composer, so expensive packages are but. I just want something to have some fun in the spare time, kinda like FT2, just a bit easier on newer hardware and (Gor forgive-me) that runs under Windows.

    Thanks!
  • FreeAmp, now called Zinf, can be downloaded here. [zinf.org] Free, open source, runs on Linux and Windows. No advertising. Just plays.
  • I use the "XM tracker format" "all the time"...

    I'm so scared...

    Some of this "vulnerability" stuff is getting out of hand.

    Reminds me of the Marty Feldman bit where he goes into an insurance broker's office and asks him if he is protected "from falling into a pit of hedge-hogs whilst playing croquet" and "from being struck by a meteorite whilst sun-bathing on the beach?"

    • I use the "XM tracker format" "all the time"...

      I'm so scared...
      You don't need a collection of files in this format, it is just a matter of going to a website that was written to take advantage of the vulnerability, and having winamp associated with XM tracker files.

      Regardless, if you use winamp, you should keep it up-to-date. It's not difficult, and it's a good practice for all your software (or at least the ones with free updates).
  • Who said XM is a classic format?

    Bah!

    If it's ain't an original .mod file then it ain't worthy of the name Tracker!

  • Warning!! Win32 Version is not Stable! (Score:3, Informative)

    by Dolemite_the_Wiz ( 618862 ) on Monday April 05, 2004 @08:45PM (#8775691) Journal
    This new version crashes hard (drwatson) after adding songs from a directory and then trying to play them in WinAmp.

    Vulnerablity or not, I'm going back to the old version.

    Dolemite
    __________________________

Slashdot Top Deals

How many NASA managers does it take to screw in a lightbulb? "That's a known problem... don't worry about it."

Close