Winamp 5.623 is based on the Winamp 2 codebase, with several Winamp3 features incorporated and more general tweaks, improvements, fixes and optimizations. Winamp Player 5.623 is a flexible and sophisticated application for playing and managing your music. Winamp supports CD, MP3, WAV, Audiosoft, Audio Explosion, MOD and other audio formats, custom. This new build of Winamp is the same as 5.12 but with the above security fix implemented.

Winamp has just released their 5.12 version last December 9, 2005, and now a new exploit for the new version is out. FR-SIRT already released and advisory(as well as the PoC) and yes, it works. As described in the attack vector: “make a html page containing an iframe linking to the .pls file.”

The author also released a link to a site which utilized the iframe, and here are some notes:

• On visiting the link via FireFox, a dialog box asks you whether you want to download, or open the file.
  
• On IE, however, the PoC is automatically executed without any warning.

I therefore conclude, if you have the vulnerable version of Winamp (and no patched version yet), use FireFox when browsing the web. No reports of this ITW yet.

The Nullsoft Database Engine powers the local media library, history, and the CD metadata database. It is relative simple and has a small query language. Most winamp data can be found in the file 'main.dat', which on Windows machines is usually stored in a location like 'C:Documents and Settings<username>Application DataWinampPluginsml' (citation needed). Viluthugal tamil serial.

Winamp 5.12 Exploit

For more information describing the Nullsoft Database Engine format, see here.

External Links

• NDEPHP - an open source project that can read the database using PHP.

Winamp 5.12 Download