navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Winamp 5.x - not an insecure program?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Nullsoft
And, this specific program:
Winamp 5.x

This thread has been marked as resolved.
Fabiow Winamp 5.x - not an insecure program?
Member 21st Oct, 2010 21:19
Ranking: 5
Posts: 8
User Since: 24th Jul, 2009
System Score: N/A
Location: CH
Dear All,

According to http://secunia.com/advisories/product/3021/?task=a... there are currently two highly critical unpatched vulnerabilities affecting Winamp 5.x. Now, PSI does not indicate Winamp as an insecure progrm. I finally discovered it under "secure browsing".

I am thus wondering whether this is expected behaviour and, if so, why?

Many thanks for any clarification.

All the best,

Fabio

Post "RE: Winamp 5.x - not an insecure program? " has been selected as an answer.
Maurice Joyce RE: Winamp 5.x - not an insecure program?
Handling Contributor 21st Oct, 2010 21:55
Score: 11830
Posts: 9,072
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 21st Oct, 2010 22:14
One of the vulnerabilities is a plug in & would show in the Browser element.

There is a special library that tells U about all the programmes suffering from Insecure Library Loading.

The list is here:

http://secunia.com/advisories/windows_insecure_lib...

They do not show in the Insecure section after a scan because there is nothing we can do until the vendor fixes the problem.

Sorry - I edited this because I misread your post. I assume Winamp is showing as Secure in the Patched Programmes?

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
Fabiow RE: Winamp 5.x - not an insecure program?
Member 21st Oct, 2010 22:52
Score: 5
Posts: 8
User Since: 24th Jul 2009
System Score: N/A
Location: CH
Thanks Maurice for the quick reply. I confirm that Winamp 5.x shows up as "patched".

I realize that under "secure browsing" SA41093 appears since, as a plug-in related issue, it has a connection to secure browsing. SA40534 does not show up because a) there is no fix (yet) from the vendor, and because b) the issue is not related to secure browsing.

I also understand that "patched" does not have to mean secure if security fixes are not available for certain issues; it is possible for programs to appear as patched, and "insecure" at the same time.

Thanks again for the kind assistance!
Was this reply relevant?
+0
-0
Maurice Joyce RE: Winamp 5.x - not an insecure program?
Handling Contributor 21st Oct, 2010 22:58
Score: 11830
Posts: 9,072
User Since: 4th Jan 2009
System Score: N/A
Location: UK
If U want more input from a Secunia Official leave the thread open.

If your query has been fully answered could U please lock (Accept) the thread. This will prevent us both from receiving update emails from "tag on" posts.




--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
ddmarshall RE: Winamp 5.x - not an insecure program?
Dedicated Contributor 21st Oct, 2010 23:16
Score: 1212
Posts: 968
User Since: 8th Nov 2008
System Score: 98%
Location: UK
You can stop the Insecure Load Library vulnerability being exploited by installing the KB2264107 update for your system via http://support.microsoft.com/kb/2264107 and then running the Fixit.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+1
-0
Fabiow RE: Winamp 5.x - not an insecure program?
Member 21st Oct, 2010 23:28
Score: 5
Posts: 8
User Since: 24th Jul 2009
System Score: N/A
Location: CH
Thanks, I will do that.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+