Saw this from slashdot.org and thought I'd posted here as well since there are a lot of Winamp users here as well.

There is a Winamp (3.x and 5.x) out in the wild which targets the way Winamp loads the skin file.

Description:
A vulnerability has been reported in Winamp, which can be exploited by malicious people to compromise a user's system.

The problem is caused due to insufficient restrictions on Winamp skin zip files (.wsz). This can e.g. be exploited by a malicious website using a specially crafted Winamp skin to place and execute arbitrary programs. With Internet Explorer this can be done without user interaction.

An XML document in the Winamp skin zip file can reference a HTML document using the "browser" tag and get it to run in the "Local computer zone". This can be exploited to run an executable program embedded in the Winamp skin file using the "object" tag and the "codebase" attribute.

NOTE: The vulnerability is reportedly being exploited in the wild.

The vulnerability has been confirmed on a fully patched system with Winamp 5.04 using Internet Explorer 6.0 on Microsoft Windows XP SP1.

Full details here

Currently there is no fix for it yet. So be aware of any Winamp Skins sent to you or from doddy websites.

Edit: Just realised that the only versions affected by this bug is 3.x and 5.x series.

so even the brand new winamp doesnt stop this eh?

i still cant give up 2.78

i still cant give up 2.78

werd!

I finally uninstalled winamp last week. Final step in the switch to Foobar2000

2.62 bitches :)

Heh just as I finally upgraded from 2.8/ Oh well, 5.x is heaps better.

lol IE

Even more reason to use foobar2000 people. Best audio player ever.

Playlist-centric audio player, best thing since sliced bread. Makes for awesome easy organisation of mp3s.
http://www.q.ausanime.com/upload-files/foobarmain.png

Another excellent feature is the masstagger which makes cleaning up your files info tags easy.
http://www.q.ausanime.com/upload-files/foobarmasstagger.png

As annoying as many people find it I really like this feature:
http://q.ausanime.com/upload-files/foobarsystray.png

last edited by [Q] at 14:11:00 27/Aug/04

Where did you get that 'artist' bar on the side from?

Just had a quick browse through the options and couldn't find a way to enable it.

yes! foobar looks pretty good... just installed it n had a go, runs the same mirc plugin for mp3 spam to irc, very nice id3 tagging options :D
although the winamp vulnerability wouldn't have effected me coz i used the standard skin.

2.xx for the win

it plays music quite nicely!

I'm still with 2.xx ;) woot.

2.81 is the shiznit

iTunes is winnar

I'm still on 2.81 default skin =)

Heh, ditto to that Loki. Sif there's any reason to change.

im on 2.93 default skin :D

windows media player 9 for the win

i still cant give up 2.78

Does anyone have a direct link to download this version?

Maybe you should have read the Google thread...

http://www.oldversion.com/downloadx/winamp278.exe

maybe

windows media player 9 for the win

sure... if you like being butf***ed by "the man"...

does foobar2000 allow u to search for songs on your hard drive?

5.05 has been released. i believe itr fixes the skin security bug thing
http://www.winamp.com/player/

edit: here we go

Winamp 5.05:
* Security bug fix
* Fix for upside down videos through DirectShow
* JTFE v0.96c
* Added prompt when loading a skin for the first time

last edited by Freewheelin at 09:51:58 28/Aug/04

Hrm foobar isnt too bad, I gave it a go but I couldn't see any EQ or anything, is there one in there somewhere hiding or do u have to d/l a plugin or something?

I have kinda large speakers and winamp with the EQ set nicely really makes a big diff, other than that I like a few of foobars features over winamp.

last edited by rubba-chikin at 11:25:15 28/Aug/04

ive actually associated mp3s with windows media player, but i play play lists through winamp

i used to get s***ted off if i double clikced a song and it cleared my playlist

Rubba, There's an equalizer component that comes with the "foobar2k0.8.3_special.exe" installation. (Either that or it can be found in their plugins section. It's not a window though, you access it in the prefereces.

Here's my Foo. (the album cover is from samurize with it's media plugin).
http://dan.ausgamers.com/images/foo-28-08-04.jpg

as Dan sed but here are some pics... :P

http://dem0n.qgl.org/images/temp/foobar3.jpg
http://dem0n.qgl.org/images/temp/foobar2.jpg

& here is my quick colour setup job... which i will no doubt change 100 more times :P~

http://dem0n.qgl.org/images/temp/foobar1.jpg

Im using the foo_ui_columns plugin for foobar. That is what allows the playlist to be nicely structured like that. If anyone wants that I can host it for you.

I tried foobar, it reminded me too much of a windows 95 program, I never want to be reminded of that :(

i bet it's really really good at playing music

just tried foobar now. i like it.

Q can you please give me a crash course in setting my foo up like yours with awsome colors like that and with the columns? Or just host your config files/plugins?

Thanks mate. Also, where do i get a decent visualisation for this foo thing... why have i not heard of this before?

demon how have u changed colours of certain bits of the playlist??

I can change the colour of the whole thing and the background etc, but how have you set diff colours for mp3#, tracknumber and title etc?

Thats it!

Demon and Q i demand zippage of your foo dir and hostage it somewhere for us n00bs to leech it.


..

please.

i use winamp 2.81

it plays music.

so does windows media player and it comes with windows. If all you want is something that plays music why bother with the download?

been experimenting with some plugins and config files and this is what mine came out as

its mainly stolen but i care not :p

http://members.optushome.com.au/bensoncj/foobar.jpg

If anyone wants the config lemme know and ill post it up.

last edited by rubba-chikin at 20:29:10 29/Aug/04

demand zippage of your foo dir and hostage it somewhere for us n00bs to leech it

Tis 4 megz and i havent got room on my webspace, easier way...

1)
Download the Columns UI plugin
http://members.lycos.co.uk/musicf/foo_ui_columns.dll

2) When inside foobar go to preferences > display, then in the drop down menu on the right side select columns UI

3) restart foobar and it should look different in columns

4) Get my config file:
http://members.optusnet.com.au/bensoncj/orange-white-black.fcs


5)go back to pref > display , then under that there should be a column ui bit go there and select the Other tab in the right panel

6)from there import my config in and hellllooo colours!





last edited by rubba-chikin at 21:10:48 29/Aug/04

Once you have foo_ui_columns installed then all you need to do is import this config file and yours will look like mine:

http://q.ausanime.com/upload-files/foobartheme.fcs

Tried Foobar2000, didn't like it. It ended up using more memory than Winamp 5.05 with all of my playlist loaded (1,903 songs) and I tried to play the same song:

Foobar 2000 (0.8.3) Mem usage: 3.1 MB
Winamp Pro (5.05) Mem usage: 2.6MB

- Same song MP3, VBR
- Both played in minimised mode
- Default skin
- No visualisation
- The only thing I changed for Foobar2000 is loaded the ColumnUI and [Q]'s colour prefrence.

Foobar2000 consistanly has larger memory foot print than Winamp.

It doesn't support WMA with DRM protection -- at least I couldn't find resource to tell me how and yes I do have the license file Winamp works with DRM just fine. I'm sure these issues will be address by the Foobar2000 team in the near future after all it's not even version 1 yet :)

Clearly in my book Winamp is still a winner. Apart these tiny problems, it's a pretty nifty player.



last edited by Opec at 10:15:22 30/Aug/04

i just tried mine then

foobar is about half the footprint of winamp 2.9 for me

XMMS, Linux open sauce winamp rip

I didn't load any themes... I just changes the title formatting. added a check for the Genre, Comment & Year ID3 tags & then coloured 'em up on the output. Here is a copy of my foobar2000.cfg but I warn you that if it is used in conjunction with other formatting scripts it may f*** up. It was a very quick one night hack which I intend to improve on as I get to know it better.
Heh, Opec... 0.5Mb more memory use!!! I don't know how i'll spare it... seeing as I have 1.5Gb of RAM! ;p~
Winamp is still the more developed player... but I like foobar coz it gets rid of that stupid buttony interface n just gives me a phat playlist that i can configure to display the info I most want to see! s'all about the configs!

[EDIT]: found the id3v2 tag support :P


last edited by demon at 10:51:08 30/Aug/04

Heh, Opec... 0.5Mb more memory use!!! I don't know how i'll spare it... seeing as I have 1.5Gb of RAM! ;p~

Damn you :) It's average about 1 MB more but yeah if you have a huge ass RAM then you won't care but us povo do care! :)

Like I said it's still only version 0.8.3, I'd try it again when it's close to version 1

Getchore fix for the exploit (plus a free mp3!): http://www.winamp.com/player/free.php