Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2004.0537 -- Security Bulletin Winamp Skin Vulnerability Allows Execution of Arbitrary Code 26 August 2004 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Winamp 5.04 and prior Operating System: Windows Impact: Execute Arbitrary Code/Commands Access: Remote/Unauthenticated PROBLEM: Winamp is a multimedia application that plays many popular media formats. A critical vulnerability has been identified in Winamp's handling of Winamp skin zip files (.wsz), allowing a remote attacker to execute arbitrary code. An XML document in the Winamp skin zip file can reference a HTML document using the "browser" tag thus allowing it to execute arbitrary code in the "Local Computer" zone. VERSIONS: Winamp 5.04 and prior are vulnerable. IMPACT: This vulnerability may be used by an attacker to execute arbitrary code on a user's system when the user visits a malicious web site or opens a malicious Winamp skin zip file. Depending on the web browser used on the system, this vulnerability may be exploited with minimal user interaction by simply visiting a malicious web site without explicitly running Winamp. While not yet confirmed, it may be possible for this vulnerability to be exploited through some email clients, depending upon the HTML rendering engine used. Secunia has reported that this vulnerability is being actively exploited in the wild. [1] MITIGATION: No patch is currently available to fix this vulnerability. AusCERT recommends that administrators disable the association of .wsz files within Windows, or use a different application to replace Winamp until an updated version is available. REFERENCES: [1] http://secunia.com/advisories/12381/ AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBQS2RMyh9+71yA2DNAQKSpQP/R4D+xoF/ylZi9rApNJ6KhbYlk4Qjnt9r 5VvXBrj7tI6cIk8DoVS7aaiR6i0kPh09j0+u5Rwk5PL6nDXD3vgsCmWNXFr+S8Cc uKa04IWP2dHiwSU5CTvmO32Mgdbrc8raUERpSdbZqnATtNAbz3LGLcDcDslj0pfH R6AQMgcIzfk= =FN1L -----END PGP SIGNATURE-----