Nullsoft division has released a
patch to fix a vulnerability in the popular skinning feature in its
WinAmp media player.
Just days after security researchers warned a zero-day exploit was circulating in the wild, Nullsoft released WinAmp 5.05 to modify the way the skin installer mechanism works.
According to the Nullsoft advisory, WinAmp will now prompt all users with a confirmation window before installing any skins and will only extract files considered low risk before loading a WinAmp skin.
The flaw, rated "extremely critical" by network security firm Secunia, affects WinAmp versions 3.0, 5.0 and 5.0 Pro.
An active exploit, which has been spreading on Internet Relay Chat (IRC)
WinAmp skins have a huge following because they allow users to adopt colorful, customizable and interchangeable sets of graphics that change the look and feel of the software.