AOL Patches Serious Winamp Bug

Users of America Online's Winamp 5.12 media player are being told to upgrade their software following the release of malicious code that could be used to take over a Winamp user's system.

A new version of the Winamp player was released on Monday afternoon, one day after hackers posted exploit code on the milw0rm.com Web site that could be used to run unauthorized software on computers running Winamp 5.12 with Windows XP.

Playlist Problem

Using this exploit code, hackers would be able run their malicious software by tricking users into clicking on specially crafted Winamp playlists, security firm Secunia said in an advisory, released Monday.

Winamp playlist files contain the .pls suffix.

Secunia has rated this vulnerability "extremely critical."

The problem only affects Winamp 5.12 users, who will now be greeted with a popup message advising them to update to the newer version of the software, says AOL spokesperson Deana Graffeo.

Earlier versions of the product are not vulnerable, she says.

Winamp is a widely used music and video player and has "millions" of users worldwide, Graffeo says.