AfterDawn: News

WinAMP skin exploit in the wild

Security site Secunia has issued a warning about a security exploit using WinAMP skins. The problem is within WinAMP's skin zip files' (.wsz files) insufficient restrictions to control what can be launched from skin file's XML "browser" tag.

With this exploit, a skin file can launch executable programs when used with WinAMP, thus allowing malicious WinAMP skins to be created that can do virtually anything with user's computer. At the moment the solution to the problem is to use some other media player instead of WinAMP. The vulnerability has already been found in the wild.



Source: Secunia

Written by: Petteri Pyyny @ 26 Aug 2004 14:04

• Previous article

• Japanese record industry raided

• Next article

• Indie music e-store launched in the UK

• 4 comments

• Ghostdog

  This doesn´t affect Winamp 2.80, does it?

  27.8.2004 05:12 #1

• LlamaKing

  This issue is now resolved with the latest release of Winamp.
  
  All users are advised to upgrade to Winamp 5.05 asap!
  http://www.winamp.com/player/
  
  Changelog:
  http://www.winamp.com/player/version_history.php
  
  More info:
  http://forums.winamp.com/showthread.php?threadid=191604
  http://forums.winamp.com/showthread.php?threadid=190902

  27.8.2004 23:16 #2

• LlamaKing

  News Article: Winamp Security Bulletin
  http://www.winamp.com/about/article.php?aid=10605

  27.8.2004 23:17 #3

• Toiletman

  It doesn't affect you if you don't use skins right?

  28.8.2004 09:01 #4