INTERACT FORUM

Please login or register.

Login with username, password and session length
Advanced search  
Pages: [1]   Go Down

Author Topic: WINAMP vulnerability posted on Bugtraq  (Read 682 times)

Gatobrit

  • Regular Member
  • Citizen of the Universe
  • *****
  • Posts: 575
  • Home Theatre, Walking, Fischer Bitter
WINAMP vulnerability posted on Bugtraq
« on: July 18, 2002, 08:18:52 am »

Hi - saw this on Bugtraq.



It would seem that I opened up a can of worms when i created my icq |PLS|
msie advisory the other day
Wich presented a new way to execute arbitrary code on a users machine
winamp is equally vulnerable

Winamps starts skin files with the extention wsz and the mime type
interface/x-winamp-skin automaticly
and saves it in a know location on the users harddisk namely :

C:\Program Files\Winamp\Skins

example at :

http://kuperus.xs4all.nl/winamp.htm

tested on version 2.80 of winamp, but other versions are likely to be
affected aswell

I believe a great number of programs to be vulnerable to this exploit
and would currently recommend going through the filetypes (open windows explorer not internet explorer, then goto tools > folder options > file types and disable ALL extentions that have their default action set to open. I really can't tell how many programs are affected but there seem to be quite a few.

This is really quite a severe vulnerability as basicly anyone with basic computer knowlage can exploit this
Logged
Namaste,
John

Vlad

  • Guest
RE:WINAMP vulnerability posted on Bugtraq
« Reply #1 on: July 18, 2002, 08:26:23 am »

Are you kidding???  There's hundreds of them.
Logged

Gatobrit

  • Regular Member
  • Citizen of the Universe
  • *****
  • Posts: 575
  • Home Theatre, Walking, Fischer Bitter
RE:WINAMP vulnerability posted on Bugtraq
« Reply #2 on: July 18, 2002, 08:28:33 am »

I'm quoting the Bugtraq posting. Quite and understatement I agree.
Logged
Namaste,
John
Pages: [1]   Go Up