In versions 5.091, 5.09 and 5.03a

Jul 18, 2005 11:19 GMT

It looks like nowadays no programs are safe from hackers, and not even the player from Nullsoft, the famous Winamp, is out of harm's way.

Some versions of the player contain a very dangerous flaw in the handling of MP3 files, which hackers can use to launch malicious code.

The flaw is a buffer overflow in the handling of ID3v2 tags, which a hacker can exploit by creating an MP3 file that contains an extremely long string in the artist and title fields. Once opened with Winamp, the file can execute malicious code, which could compromise the system's security.
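A defensive counterpart to the flaw described above, as an added example that is not Winamp's code and not part of the original article: a C routine that reads the ID3v2 artist (`TPE1`) or title (`TIT2`) frame into a fixed buffer, bounding every copy by the destination size rather than by the length declared in the file. The function name, buffer sizes and sample tag are constructed for illustration, and tags with header flags set (unsynchronisation, extended header) are rejected rather than parsed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 4-byte big-endian size; synchsafe sizes carry only 7 bits per byte. */
static uint32_t be_size(const uint8_t *p, int synchsafe) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++)
        v = (v << (synchsafe ? 7 : 8)) | (p[i] & (synchsafe ? 0x7f : 0xff));
    return v;
}

/* Copy the text of frame `id` ("TPE1" artist, "TIT2" title) from an ID3v2.3
 * or 2.4 tag into out[cap]: always NUL-terminated, never written past cap.
 * Returns the declared text length (greater than cap-1 means truncated),
 * -1 if the frame is absent, -2 if the tag is malformed or unsupported. */
long id3v2_text(const uint8_t *buf, size_t len, const char *id,
                char *out, size_t cap) {
    if (cap == 0 || len < 10 || memcmp(buf, "ID3", 3) != 0) return -2;
    if ((buf[3] != 3 && buf[3] != 4) || buf[5] != 0) return -2; /* no flags */
    size_t end = 10 + (size_t)be_size(buf + 6, 1);
    if (end > len) return -2;                 /* tag claims more than we hold */
    out[0] = '\0';
    for (size_t pos = 10; end - pos >= 10 && buf[pos] != 0; ) {  /* 0 = padding */
        uint32_t fsz = be_size(buf + pos + 4, buf[3] == 4);
        if (fsz > end - pos - 10) return -2;  /* frame overruns the tag */
        if (memcmp(buf + pos, id, 4) == 0) {
            if (fsz < 1) return -2;           /* encoding byte is mandatory */
            size_t text = fsz - 1, n = text < cap - 1 ? text : cap - 1;
            memcpy(out, buf + pos + 11, n);   /* bounded by cap, not by fsz */
            out[n] = '\0';
            return (long)text;
        }
        pos += 10 + (size_t)fsz;
    }
    return -1;
}

int main(void) {
    /* Constructed sample: v2.3 tag with one TPE1 frame, text "LongArtist". */
    const uint8_t tag[] = {'I','D','3',3,0,0, 0,0,0,21, 'T','P','E','1', 0,0,0,11,
                           0,0, 0, 'L','o','n','g','A','r','t','i','s','t'};
    char out[6];                              /* deliberately too small */
    long n = id3v2_text(tag, sizeof tag, "TPE1", out, sizeof out);
    printf("declared=%ld kept=\"%s\"\n", n, out);
    return 0;
}
```

A return value larger than the buffer capacity is also a cheap signal for flagging files whose artist or title field is abnormally long.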

The vulnerability was discovered by Leon Juranic from LSS Security Team, and applies to versions 5.091, 5.09 and 5.03a of Winamp, but not to the latest version, 5.093. The security company Secunia considers this vulnerability to be a very serious one, because it allows hackers to exploit it in order to spread viruses, worms, spyware and other types of malware.

To avoid the risks related to this vulnerability, users are advised to download the latest Winamp version, which can be found here.