Here is some incentive now to upgrade to the latest WinAmp version (2.80) . Apparently, according to this ZDNet News article, there is a buffer overflow bug in the WinAmp 2.79 minibrowser which could allow a hacker to embed code into the ID3v2 tag. Disabling the minibrowser or upgrading to WinAmp 2.80 will fix them problem. Check out the article if you want more information.

btw, Winamp has been updated to v2.80a yesterday, direct download links:
lite | standard | full

What's new in a?

output plugin fixes, new in_vorbis, winampagent fixes

Nice. < upgrading...>

I tried that download link and according to the little version history window, it just lists 2.80, not 2.80a.

You sure you gave the right links?

i didn't bother trying but the directory shows new dates so it must be the new one (downloading) [edit] yes it is v2.80a

More evidence ID3v2 is just plain evil

--
GCP

It just goes to show that you can never be too careful,as my dear old mum used to say

I take it this *only* affects v2.79? And does it affect things if the minibrowser isn't visible/activated?

probably affects all pre-v2.80 with id3v2 support (it's really not my section)

Info here:


http://online.securityfocus.com/news/383

Peter,

OK, so there's 2.80a - what is the difference with 2.80ai (see installer)?

[Edit]
I've just been informed that zZzZzZ doesnt know the difference, so this is probably redundant.

Ruairi

I haven't seen anywhere this problem affects all versions prior to 2.79. Where did you get your information? Everything I have read, specifically says 2.79. Also, lots of luck trying to download the new version, the Winamp site has been down for the past three days. (at least in my experience) And, I don't believe this virus/trojan can do anything, unless you have the minibrowser open.

Strange... works 100% OK here.