AOL patches serious Winamp bug

Winamp 5.12 users susceptible to "extremely critical" vulnerability

Users of America Online Inc.'s Winamp 5.12 media player are being told to upgrade their software following the release of malicious code that could be used to take over a Winamp user's system.

A new version of the Winamp player was released around 1 p.m. Pacific time, Monday afternoon, one day after hackers posted, on a Web site, exploit code that could be used to run unauthorized software on computers running Winamp 5.12 with Windows XP.

Using this exploit code, hackers would be able to run their malicious software by tricking users into clicking on specially crafted Winamp playlists, security firm Secunia said in an advisory released Monday. Winamp playlist files carry the .pls suffix.

Secunia has rated this vulnerability "extremely critical."

The problem only affects Winamp 5.12 users, who will now be greeted with a popup message advising them to update to the newer version of the software, said AOL spokeswoman Deana Graffeo. Earlier versions of the product are not vulnerable, she said.

Winamp is a widely used music and video player and has "millions" of users worldwide, Graffeo said.