Winamp 5.12



OldVersion.com provides free. software downloads for old versions of programs, drivers and games. So why not downgrade to the version you love? Because newer is not always bett. Download WinPIS - Turn your Winamp into a professional radio automation tool, using functions such as playlist control, voice overs and inserting commercial jingles. DOWNLOAD WinPIS 5.12.0.850. Winamp 5.12 - Zero Day Exploit For Unpatched Vulnerability - posted in General Security: Please be careful if you use WinAmp as a media player on your system. A new exploit has surfaced for an.

This module exploits a vulnerability in the Winamp media player. This flaw is triggered when an audio file path is specified, inside a playlist, that consists of a UNC path with a long computer name. This module delivers the playlist via the browser. This module has only been successfully tested on Winamp 5.11 and 5.12.

Winamp has just released their 5.12 version last December 9, 2005, and now a new exploit for the new version is out. FR-SIRT already released and advisory(as well as the PoC) and yes, it works. As described in the attack vector: “make a html page containing an iframe linking to the .pls file.”


The author also released a link to a site which utilized the iframe, and here are some notes:



  • On visiting the link via FireFox, a dialog box asks you whether you want to download, or open the file.
  • On IE, however, the PoC is automatically executed without any warning.
5.12

I therefore conclude, if you have the vulnerable version of Winamp (and no patched version yet), use FireFox when browsing the web. No reports of this ITW yet.

5.12
Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware:

The Nullsoft Database Engine powers the local media library, history, and the CD metadata database. It is relative simple and has a small query language. Most winamp data can be found in the file 'main.dat', which on Windows machines is usually stored in a location like 'C:Documents and Settings<username>Application DataWinampPluginsml' (citation needed).

For more information describing the Nullsoft Database Engine format, see here.

External Links

  • NDEPHP - an open source project that can read the database using PHP.

Winamp 5.12 Exploit

Retrieved from 'http://wiki.winamp.com/index.php?title=Nullsoft_Database_Engine&oldid=61416'