Critical Vulnerability Found in Winamp

According to reports at CNET News.com and Secunia, an extremely critical vulnerability has been found in the latest Winamp versions.

Winamp skin files may contain inappropriate links to web sites, allowing automatic download of potentially dangerous programs that could be used to gain control of your system.  AOL is aware of the problem, but there is as of yet no remedy.

Secunia is advising all Winamp users to use an alternative media player in the meantime.

Reply #1
Wow, that's a bit... dumb... it seems to me that you would not be in danger if you don't go browsing the net for skins!

Reply #2
Quote
Secunia is advising all Winamp users to use an alternative media player in the meantime.

Quote
Wow, that's a bit... dumb... it seems to me that you would not be in danger if you don't go browsing the net for skins!

I agree, that's retarded. Just stick to the default skin, or one you trust, and all is OK.

Reply #3
This has been fixed already. Currently in beta testing, expect a new release soon.

Reply #4
I find it bloatware-like to have a mere graphic component being capable of initiating an internet connection! Why not test Winamp skins with a 3D graphic benchmark now? What Winamp skin makes Counter-Strike lag the most?

Reply #5
agree, I'm still using winamp with the old skin style... why, you say... because the new modern skin just eats up cpu cycles that are better used for mo games/work
Sven Bent - Denmark

Reply #6
As "wish" said, a fix is being beta tested. Regarding browsing the net for skins, I'll refer you to DJ Egg:

Quote
It's not a case of 'not downloading skins'.
You're safe if you download skins from any of:
winamp.com, deviantart.com, 1001winampskins, skins.org, deskmod, etc etc...
You'll probably be safe if you knowingly download any wsz or wal file.
It's when the url is a seemingly unsuspicious link to a .php or .jpg that you've got to worry, because that's how the exploit is utilized.
winamp unlimited.com

Reply #7
This is a vulnerability in the skin-auto-installer that Winamp uses. Basically, a winamp skin can be a .WSZ file, which is just a renamed zip file. When you install winamp, you can click on WSZ links in IE and have them auto install to the right places and such.

The exploit is in one of the XML files that Winamp reads when it opens the skin file. The XML can be crafted so as to cause winamp to open an HTML file in IE in the local zone which can then call and execute arbitrary code.

Using the "skin" doesn't cause it as much as downloading it and running it thru the auto-install causes it.

Reply #8
Quote
Wow, that's a bit... dumb... it seems to me that you would not be in danger if you don't go browsing the net for skins!

Not really. See, here's the problem. You can click on what appears to be an innocent looking link to a JPEG or PHP file on any web site, and instead it's actually a disguised Winamp skin file which contains an executable trojan. Your web browser then automatically passes the Winamp skin file to Winamp, which automatically opens and installs the skin for your convenience. So you can be hit and hit hard by this exploit even if you aren't "surfing the net for skins."

Reply #9
I put up a friendly summary on all the information I've gathered regarding the exploit, on winamp unlimited.

Feel free to point out any inaccuracies you see.
winamp unlimited.com

Reply #10
Detailed information about the path the exploit follows to execute can be found in this thread:
http://forums.winamp.com/showthread.php?po...734#post1450734

Removing all exe types from the zip when it gets decompressed is a start, but not really a solution.

Only real solution I see is to disable Winamp's handling of the "browser" XML when it references "file://...". This would prevent the thing from opening downloaded (and potentially unsafe) content in the local zone. That would fix it entirely.
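
A defender-side check for the delivery path described in replies #7, #8 and #10, as an added example that is not part of the thread or of Winamp: it judges a download by its content rather than its name, then flags executable members and XML members that mention `file://`. The extension lists, the function names and the sample archive contents are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed heuristic list; the thread only says "exe types".
EXECUTABLE_EXTS = (".exe", ".com", ".scr", ".bat", ".pif")
SKIN_EXTS = (".wsz", ".wal")


def inspect_download(name, data):
    """Return findings for a downloaded file, judged by content, not by name."""
    findings = []
    stream = io.BytesIO(data)
    if not zipfile.is_zipfile(stream):
        return findings  # not a zip container, so not a skin archive
    if not name.lower().endswith(SKIN_EXTS):
        findings.append("zip archive served under non-skin name: " + name)
    with zipfile.ZipFile(stream) as archive:
        for member in archive.namelist():
            lower = member.lower()
            if lower.endswith(EXECUTABLE_EXTS):
                findings.append("executable member: " + member)
            elif lower.endswith(".xml") and b"file://" in archive.read(member).lower():
                findings.append("XML references file:// content: " + member)
    return findings


def build_sample(members):
    """Build an in-memory zip from {member name: bytes} (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for member, content in members.items():
            archive.writestr(member, content)
    return buf.getvalue()


# Constructed samples; element and file names are placeholders, not a real skin.
SUSPECT = build_sample({
    "skin.xml": b'<placeholder url="file://placeholder.html"/>',
    "placeholder.html": b"<html></html>",
    "placeholder.exe": b"MZ",
})
BENIGN = build_sample({"skin.xml": b"<placeholder/>", "main.png": b"\x89PNG"})

if __name__ == "__main__":
    for name, data in (("picture.jpg", SUSPECT), ("classic.wsz", BENIGN)):
        print(name, inspect_download(name, data))
```

As reply #10 notes, filtering executables out of the archive is only a start; the `file://` check is the one that corresponds to the fix proposed there.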

Reply #11
Thank you for the info, I stand corrected.

Reply #12
Does Winamp 2.91 also have this skin bug?

Reply #13
well 5.05 is out now, so just d/l that
"We will restore chaos" - Bush on Iraq

Reply #14
You may be astonished, but for some reason I like the Minibrowser of Winamp 2.
Till now I haven't found a possibility to open a similar browser window with Winamp 5.x.
Or is there one...?

Reply #15
Quote
Software: WinAMP 3.x
Winamp 5.x

From Secunia


So no, 2.9x is not affected.