AfterDawn: Tech news

WinAMP skin exploit in the wild

Written by Petteri Pyyny @ 26 Aug 2004 2:04 User comments (4)

WinAMP skin exploit in the wild

Security site Secunia has issued a warning about a security exploit using WinAMP skins. The problem is within WinAMP's skin zip files' (.wsz files) insufficient restrictions to control what can be launched from skin file's XML "browser" tag.
With this exploit, a skin file can launch executable programs when used with WinAMP, thus allowing malicious WinAMP skins to be created that can do virtually anything with user's computer. At the moment the solution to the problem is to use some other media player instead of WinAMP. The vulnerability has already been found in the wild.

Source: Secunia

Previous Next  

4 user comments

127.8.2004 05:12

This doesn´t affect Winamp 2.80, does it?

227.8.2004 23:16

This issue is now resolved with the latest release of Winamp. All users are advised to upgrade to Winamp 5.05 asap! http://www.winamp.com/player/ Changelog: http://www.winamp.com/player/version_history.php More info: http://forums.winamp.com/showthread.php?threadid=191604 http://forums.winamp.com/showthread.php?threadid=190902

327.8.2004 23:17

News Article: Winamp Security Bulletin http://www.winamp.com/about/article.php?aid=10605

428.8.2004 09:01

It doesn't affect you if you don't use skins right?

Comments have been disabled for this article.

News archive