31st August 2004, 22:15   #1
MegaRock
Forum King
 
Join Date: Jun 2003
Location: Inside my water bong
Posts: 6,865
Security Flaw in Winamp Discovered

A vulnerability has been reported in Winamp, which can be exploited by malicious people to compromise a user's system.

The problem is caused due to insufficient restrictions on Winamp skin zip files (.wsz). This can e.g. be exploited by a malicious website using a specially crafted Winamp skin to place and execute arbitrary programs. With Internet Explorer this can be done without user interaction.

An XML document in the Winamp skin zip file can reference a HTML document using the "browser" tag and get it to run in the "Local computer zone". This can be exploited to run an executable program embedded in the Winamp skin file using the "object" tag and the "codebase" attribute.

NOTE: The vulnerability is reportedly being exploited in the wild.

The vulnerability has been confirmed on a fully patched system with Winamp 5.04 using Internet Explorer 6.0 on Microsoft Windows XP SP1.

Posted from Neowin

Megarock Radio - St. Louis Since 1998!
Don't click this link!
Corporate Radio Sucks! No suits, all rock!
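
An added example, not part of the post above or the advisory it quotes: a Python check that flags the three traits the advisory describes inside a `.wsz` archive (an XML file using the "browser" tag, an HTML file whose "object" tag carries a "codebase" attribute, and an embedded executable). The function names, the size cap and the sample archives are assumptions constructed for illustration.

```python
import io
import re
import zipfile

MAX_ENTRY = 5 * 1024 * 1024  # assumed cap; larger entries are reported, not read
BROWSER_TAG = re.compile(rb"<\s*browser\b", re.I)
OBJECT_CODEBASE = re.compile(rb"<\s*object\b[^>]*\bcodebase\s*=", re.I)


def scan_wsz(data: bytes) -> list:
    """Return a list of findings for a skin archive passed as raw bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_ENTRY:
                findings.append(f"{info.filename}: too large to inspect")
                continue
            name, body = info.filename.lower(), zf.read(info)
            if body[:2] == b"MZ":
                findings.append(f"{info.filename}: Windows executable (MZ header)")
            if name.endswith(".xml") and BROWSER_TAG.search(body):
                findings.append(f"{info.filename}: XML uses the browser tag")
            if name.endswith((".htm", ".html")) and OBJECT_CODEBASE.search(body):
                findings.append(f"{info.filename}: HTML object tag with codebase")
    return findings


def build_sample(entries: dict) -> bytes:
    """Pack name -> bytes pairs into an in-memory zip (fixture helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples: inert stand-ins, not real Winamp skins.
FLAGGED = build_sample({
    "skin.xml": b'<browser id="b"/>',
    "page.html": b'<object codebase="setup.exe"></object>',
    "setup.exe": b"MZ" + b"\x00" * 62,
})
PLAIN = build_sample({"main.bmp": b"BM" + b"\x00" * 30, "skin.xml": b"<layout/>"})

if __name__ == "__main__":
    for line in scan_wsz(FLAGGED):
        print(line)
```

A skin that only ships bitmaps and layout XML produces no findings; any finding is a reason to quarantine the file before it reaches a Winamp install older than 5.05.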
31st August 2004, 22:21   #2
dylman
Forum King
 
Join Date: Oct 2001
Location: Hawarden
Posts: 2,115
Winamp 5.05 has been released which addresses this vulnerability.

http://forums.winamp.com/showthread....hreadid=191604
http://forums.winamp.com/showthread....hreadid=190902

This exploit was both discovered and patched last week, by the way.

There's no need to tell me when I'm right;
I operate on that principle exclusively and with absolute certainty
31st August 2004, 22:29   #3
drewbar
Sawg 2.0
Major Dude
 
Join Date: Mar 2004
Posts: 5,916
<valley girl>
That is SO last week. Like, get with the time MegaRock.
</valley girl>

Count with us!
Jan 1st, 12AM (PST, GMT -8) 2010 - 282,246
31st August 2004, 22:34   #4
Mr Jones
Nothing to say...
 
Join Date: Sep 2000
Location: UK
Posts: 23,098
Sorry, this has been dealt with in numerous other threads, most noticeably this one...

http://forums.winamp.com/showthread....hreadid=190902

And this front page news article.
http://www.winamp.com/about/article.php?aid=10605

And as the issue has now been resolved with the release of 5.05 this topic is moot, and locked.
31st August 2004, 22:46   #5
Bilbo Baggins
Wind Chime of the Apocalypse
 
Join Date: May 2000
Location: The Forest
Posts: 17,228
I was going to lock this, but got distracted. When I refreshed. Bam.
Closed Thread