Old 26th August 2004, 11:31   #1
1JoeskyIVXX
Junior Member
 
 
Join Date: Apr 2003
Posts: 10
Winamp Skin File Arbitrary Code Execution Vulnerability

http://secunia.com/advisories/12381/



Winamp Skin File Arbitrary Code Execution Vulnerability


Secunia Advisory: SA12381
Release Date: 2004-08-25
Last Update: 2004-08-26


Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: WinAMP 3.x, Winamp 5.x




Description:
A vulnerability has been reported in Winamp, which can be exploited by malicious people to compromise a user's system.

The problem is caused due to insufficient restrictions on Winamp skin zip files (.wsz). This can e.g. be exploited by a malicious website using a specially crafted Winamp skin to place and execute arbitrary programs. With Internet Explorer this can be done without user interaction.

An XML document in the Winamp skin zip file can reference a HTML document using the "browser" tag and get it to run in the "Local computer zone". This can be exploited to run an executable program embedded in the Winamp skin file using the "object" tag and the "codebase" attribute.

NOTE: The vulnerability is reportedly being exploited in the wild.

The vulnerability has been confirmed on a fully patched system with Winamp 5.04 using Internet Explorer 6.0 on Microsoft Windows XP SP1.

Solution:
Use another product.

Provided and/or discovered by:
Discovered by:
"Silent"

Reported by:
K-OTik.COM Security Survey Team

Changelog:
2004-08-26: Updated "credit" section.




1JoeskyIVXX is offline  
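
A defensive check for the skin-archive pattern the advisory above describes, added here as an example and not part of the original post, the Secunia advisory, or Winamp's own code. It flags `.wsz` archives that carry an XML "browser" tag, an HTML "object" tag with a "codebase" attribute, or an embedded executable; the extension list, read cap, regexes and sample archives are assumptions made for this illustration.

```python
import io
import re
import zipfile

# Assumed heuristics, not taken from the advisory: the extension list, the
# 1 MiB read cap, and the regexes for the tags the advisory names.
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".pif", ".hta")
MAX_READ = 1 << 20
BROWSER_TAG = re.compile(rb"<\s*browser\b", re.I)
OBJECT_CODEBASE = re.compile(rb"<\s*object\b[^>]*\bcodebase\s*=", re.I)

def scan_skin(data):
    """Return sorted findings for a .wsz (zip) skin archive passed as bytes."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not-a-zip"]
    findings = set()
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            with zf.open(info) as fh:
                body = fh.read(MAX_READ)  # cap decompressed bytes per member
            # Executable by extension, or by DOS/PE "MZ" magic if renamed.
            if name.endswith(EXEC_EXT) or body[:2] == b"MZ":
                findings.add("executable:" + info.filename)
            if name.endswith(".xml") and BROWSER_TAG.search(body):
                findings.add("browser-tag:" + info.filename)
            if name.endswith((".htm", ".html")) and OBJECT_CODEBASE.search(body):
                findings.add("object-codebase:" + info.filename)
    return sorted(findings)

def make_zip(members):
    """Build an in-memory zip from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples: inert marker content only, not real skins.
CLEAN = make_zip({"skin.xml": b"<skin></skin>", "main.png": b"\x89PNG"})
SUSPECT = make_zip({"skin.xml": b"<Browser id='b'/>",
                    "page.html": b"<OBJECT codebase='placeholder'></OBJECT>",
                    "data/readme.txt": b"MZ\x90\x00stub"})

if __name__ == "__main__":
    print(scan_skin(CLEAN), scan_skin(SUSPECT))
```

A skin that only uses the "browser" tag is not necessarily malicious; the combination of all three findings in one archive is what matches the advisory's description.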
Old 26th August 2004, 11:42   #2
DJ Egg
Techorator
Winamp & Shoutcast Team
 
Join Date: Jun 2000
Posts: 35,824
Known and already fixed for 5.05
DJ Egg is online now  