Old 26th August 2004, 11:31   #1
Junior Member
1JoeskyIVXX's Avatar
Join Date: Apr 2003
Posts: 10
Winamp Skin File Arbitrary Code Execution Vulnerability


Secunia Advisory: SA12381
Release Date: 2004-08-25
Last Update: 2004-08-26

Extremely critical
Impact: System access

Where: From remote

Solution Status: Unpatched

Software: WinAMP 3.x
Winamp 5.x

A vulnerability has been reported in Winamp, which can be exploited by malicious people to compromise a user's system.

The problem is caused due to insufficient restrictions on Winamp skin zip files (.wsz). This can e.g. be exploited by a malicious website using a specially crafted Winamp skin to place and execute arbitrary programs. With Internet Explorer this can be done without user interaction.

An XML document in the Winamp skin zip file can reference an HTML document using the "browser" tag and get it to run in the "Local computer zone". This can be exploited to run an executable program embedded in the Winamp skin file using the "object" tag and the "codebase" attribute.

NOTE: The vulnerability is reportedly being exploited in the wild.

The vulnerability has been confirmed on a fully patched system with Winamp 5.04 using Internet Explorer 6.0 on Microsoft Windows XP SP1.

Use another product.

Provided and/or discovered by:
Discovered by:

Reported by:
K-OTik.COM Security Survey Team

2004-08-26: Updated "credit" section.

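Added example, not part of the original post or the Secunia advisory: a Python triage script that opens a .wsz skin as a zip archive and flags the three elements the advisory describes (an XML member with a "browser" tag, an HTML member with an "object" tag carrying a "codebase" attribute, and an embedded executable). The exact skin XML schema is not assumed, so it matches tag and attribute names only; the function names and the sample archive contents are constructed for illustration.

```python
import io
import re
import zipfile

# Patterns follow the advisory's wording only; the real skin XML schema is not assumed.
BROWSER_TAG = re.compile(rb"<\s*browser\b", re.I)
OBJECT_CODEBASE = re.compile(rb"<\s*object\b[^>]*\bcodebase\s*=", re.I | re.S)
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd")


def scan_skin(data: bytes) -> list[str]:
    """Return findings for one skin archive given as raw bytes."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not-a-zip"]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            lower = name.lower()
            body = archive.read(info)
            # PE files start with "MZ"; check content too, since names can lie.
            if lower.endswith(EXEC_EXT) or body[:2] == b"MZ":
                findings.append(f"executable:{name}")
            if lower.endswith(".xml") and BROWSER_TAG.search(body):
                findings.append(f"browser-tag:{name}")
            if lower.endswith((".html", ".htm")) and OBJECT_CODEBASE.search(body):
                findings.append(f"object-codebase:{name}")
    return findings


def build_sample(flagged: bool) -> bytes:
    """Constructed test archive; file names and markup are invented, inert placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("skin.xml", "<skin><browser/></skin>" if flagged else "<skin/>")
        z.writestr("main.bmp", b"BM" + b"\x00" * 16)
        if flagged:
            z.writestr("page.html", '<object codebase="a.exe"></object>')
            z.writestr("a.exe", b"MZ" + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_skin(build_sample(True)))
```

A skin that produces all three findings together matches the pattern in the advisory; an executable finding alone is already a reason to quarantine the file, since a skin has no need to ship one.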