Forum Thread: Winamp 5.x - not an insecure program?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Nullsoft
And, this specific program:
Winamp 5.x

This thread has been marked as resolved.
Fabiow Winamp 5.x - not an insecure program?
Member 21st Oct, 2010 21:19
Ranking: 5
Posts: 8
User Since: 24th Jul, 2009
System Score: N/A
Location: CH
Dear All,

According to http://secunia.com/advisories/product/3021/?task=a... there are currently two highly critical unpatched vulnerabilities affecting Winamp 5.x. Now, PSI does not indicate Winamp as an insecure progrm. I finally discovered it under "secure browsing".

I am thus wondering whether this is expected behaviour and, if so, why?

Many thanks for any clarification.

All the best,

Fabio

Post "RE: Winamp 5.x - not an insecure program? " has been selected as an answer.
Maurice Joyce RE: Winamp 5.x - not an insecure program?
Handling Contributor 21st Oct, 2010 21:55
Score: 11932
Posts: 9,158
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 21st Oct, 2010 22:14
One of the vulnerabilities is a plug in & would show in the Browser element.

There is a special library that tells U about all the programmes suffering from Insecure Library Loading.

The list is here:

http://secunia.com/advisories/windows_insecure_lib...

They do not show in the Insecure section after a scan because there is nothing we can do until the vendor fixes the problem.

Sorry - I edited this because I misread your post. I assume Winamp is showing as Secure in the Patched Programmes?

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
Fabiow RE: Winamp 5.x - not an insecure program?
Member 21st Oct, 2010 22:52
Score: 5
Posts: 8
User Since: 24th Jul 2009
System Score: N/A
Location: CH
Thanks Maurice for the quick reply. I confirm that Winamp 5.x shows up as "patched".

I realize that under "secure browsing" SA41093 appears since, as a plug-in related issue, it has a connection to secure browsing. SA40534 does not show up because a) there is no fix (yet) from the vendor, and because b) the issue is not related to secure browsing.

I also understand that "patched" does not have to mean secure if security fixes are not available for certain issues; it is possible for programs to appear as patched, and "insecure" at the same time.

Thanks again for the kind assistance!
Was this reply relevant?
+0
-0
Maurice Joyce RE: Winamp 5.x - not an insecure program?
Handling Contributor 21st Oct, 2010 22:58
Score: 11932
Posts: 9,158
User Since: 4th Jan 2009
System Score: N/A
Location: UK
If U want more input from a Secunia Official leave the thread open.

If your query has been fully answered could U please lock (Accept) the thread. This will prevent us both from receiving update emails from "tag on" posts.




--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
ddmarshall RE: Winamp 5.x - not an insecure program?
Dedicated Contributor 21st Oct, 2010 23:16
Score: 1238
Posts: 980
User Since: 8th Nov 2008
System Score: 98%
Location: UK
You can stop the Insecure Load Library vulnerability being exploited by installing the KB2264107 update for your system via http://support.microsoft.com/kb/2264107 and then running the Fixit.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+1
-0
Fabiow RE: Winamp 5.x - not an insecure program?
Member 21st Oct, 2010 23:28
Score: 5
Posts: 8
User Since: 24th Jul 2009
System Score: N/A
Location: CH
Thanks, I will do that.
Was this reply relevant?
+0
-0

This thread has been marked as locked.