Zero-day exploit exposes Winamp users

Winamp has published a security update to fix a critical vulnerability in its media player.

The move came after a security researcher known only as 'Kozan' discovered a flaw in Winamp 5.12 that could be exploited to compromise users' systems. Proof of concept code was published on Sunday. 

Attackers could exploit the flaw through a specially crafted playlist file. On opening the file the flaw results in a buffer overflow, allowing remote hackers to launch applications and take control of compromised systems.

The vulnerability effectively allows the attacker to turn the computer into a zombie system or steal data from the system's hard drive.

Security firm Secunia gave the flaw its most severe security rating of 'extremely critical'.

The free Winamp media player is owned by AOL, and the vulnerability has been confirmed only for version 5.12.

Users launching the application will automatically be prompted to update to version 5.13, an AOL spokesperson told vnunet.com. Alternatively they can download the updated application from the Winamp website.