Maker tech hub — AI · 3D print · Pi · ESP32 · plus the classic tech archive.

Free ESP32 kit · Books · Network Ninja · Archive

Classic tech archive. From the original averyjparker.com tech blog — historical context; pair with modern guides where noted. Full archive · Maker projects · Network Ninja

Classic tip · Classic

Winamp and Shoutcast vulnerabilities

In the last several days there have been a couple vulnerabilities disclosed that I should cover. The first up is related to Winamp. Version 5.12 is vulnerable to a problem with the way it handles .pl…

Written by

Avery J. Parker

IT veteran, maker educator, and author of Network Ninja, 3D Printing Mastery, and AI Workflow Mastery. Business IT: Diversified Tech Solutions.

In the last several days there have been a couple vulnerabilities disclosed that I should cover. The first up is related to Winamp. Version 5.12 is vulnerable to a problem with the way it handles .pls (playlist) files. This could allow very bad things with a specially crafted pls file. There were some workarounds mentioned, however all those workarounds can be subverted. There is a new release available http://www.winamp.com/player/.


The Security Fix lent some coverage to this yesterday. The way Winamp associates itself with playlist files under windows, explorer would likely automatically open any .pls file with winamp (if installed) and ... game over. So, if you have Winamp installed, update it. Exploit in the wild....

There was also a Shoutcast vulnerability (getting problems at both ends today in online audio eh?) the vulnerability itself is old Secunia reported it in December of 2004. However, an exploit has been found in the wild. The vulnerability affects Shoutcast v. 1.9.4 and earlier. 1.9.5 fixes the issue. Apparently quite a few folks have stuck with older versions. It's (past) time to update.