WinAMP skin exploit in the wild

WinAMP skin exploit in the wild
Security site Secunia has issued a warning about a security exploit using WinAMP skins. The problem is within WinAMP's skin zip files' (.wsz files) insufficient restrictions to control what can be launched from skin file's XML "browser" tag.

With this exploit, a skin file can launch executable programs when used with WinAMP, thus allowing malicious WinAMP skins to be created that can do virtually anything with user's computer. At the moment the solution to the problem is to use some other media player instead of WinAMP. The vulnerability has already been found in the wild.



Source: Secunia

Written by: Petteri Pyyny @ 26 Aug 2004 14:04
Advertisement - News comments available below the ad

© 2024 AfterDawn Oy

Hosted by
Powered by UpCloud