Download Index

In-Depth Reviews

Tips & Tutorials

Updates

News

Browsers

Chat / Conferencing

Desktop Utilities

Development

Internet Apps

Multimedia

OS Service Packs

Productivity Tools

Download of the day • 7-Zip

Most Popular Software Downloads • Mozilla Firefox • Microsoft Office 2010 • QuickTime for Windows • Adobe Reader • Mozilla Thunderbird • Winamp • Microsoft Office 2007 Service Pack • Google Earth • Adobe Flash Player • Windows Vista Service Pack 2 (Vista SP2) • CCleaner (Crap Cleaner) Most Popular Software Articles • Windows Vista Tips: Home Networking Setup Tutorial • 10 Must-Have Apps: The Free Windows Networking Toolkit • How to Make Your Internet Connection Faster, Better

Beware That Winamp Skin!
Zero-Day Exploits Targets Winamp's Skinning Feature
Ryan Naraine

The popular skinning feature in Nullsoft's Winamp media player has left the door wide open for malicious attackers to hijack PCs.

Security researchers at K-Otik discovered the vulnerability and released details of a "Skinhead" zero-day exploit that is already spreading in the wild. The exploit, which targets Winamp versions 3.x and 5.x, is being used to forcefully install spyware (define) and Trojans on infected systems.

Secunia has tagged the flaw as "extremely critical," its highest rating.

Winamp skins have a huge following because they allow users to adopt colorful, customizable, and interchangeable sets of graphics that change the look and feel of the software.

According to an advisory from Secunia, the problem is caused due to insufficient restrictions on Winamp skin zip files (.wsz). It means a malicious Web site could use a specially crafted Winamp skin to place and execute arbitrary programs.

With Microsoft's Internet Explorer browser, this can be done without user interaction.

Analysis of the zero-day exploit shows that attackers are using an XML (define) document in the Winamp skin zip file to reference a HTML document using the "browser" tag and get it to run in the "Local Computer Zone."

"This can be exploited to run an executable program embedded in the Winamp skin file using the 'object' tag and the 'codebase' attribute," Secunia explained.

The vulnerability has been confirmed on a fully patched system with Winamp 5.04 using Internet Explorer 6.0 on Microsoft Windows XP SP1.

PivX Labs, which has also analyzed the attack vector, said that a user visiting a Web site that hosts the Skinhead exploit will have their browser redirected to a compressed Winamp Skin file which has a WSZ file extension, but which in reality is a ZIP file.

The company said the default installation of Winamp registers the WSZ file extension and includes an instruction to Windows and Internet Explorer to automatically open the files. It leads to the fake Winamp skin being automatically loaded into the media player.

America Online owns Nullsoft.

News courtesy of internetnews.com

August 26, 2004

Download Winamp Now!

Download Windows XP SP2 Now!

View All MP3 Players

View All Anti-Spyware Utilities

Contents:
1. Zero-Day Exploits Targets Winamp's Skinning Feature

Additional Articles: