Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2004.0537 -- Security Bulletin
Winamp Skin Vulnerability Allows Execution of Arbitrary Code
26 August 2004
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Winamp 5.04 and prior
Operating System: Windows
Impact: Execute Arbitrary Code/Commands
Access: Remote/Unauthenticated
PROBLEM:
Winamp is a multimedia application that plays many popular media
formats.
A critical vulnerability has been identified in Winamp's handling of
Winamp skin zip files (.wsz), allowing a remote attacker to execute
arbitrary code.
An XML document in the Winamp skin zip file can reference a HTML
document using the "browser" tag thus allowing it to execute arbitrary
code in the "Local Computer" zone.
VERSIONS:
Winamp 5.04 and prior are vulnerable.
IMPACT:
This vulnerability may be used by an attacker to execute arbitrary
code on a user's system when the user visits a malicious web site or
opens a malicious Winamp skin zip file.
Depending on the web browser used on the system, this vulnerability
may be exploited with minimal user interaction by simply visiting a
malicious web site without explicitly running Winamp.
While not yet confirmed, it may be possible for this vulnerability to
be exploited through some email clients, depending upon the HTML
rendering engine used.
Secunia has reported that this vulnerability is being actively
exploited in the wild. [1]
MITIGATION:
No patch is currently available to fix this vulnerability.
AusCERT recommends that administrators disable the association of
.wsz files within Windows, or use a different application to
replace Winamp until an updated version is available.
REFERENCES:
[1] http://secunia.com/advisories/12381/
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBQS2RMyh9+71yA2DNAQKSpQP/R4D+xoF/ylZi9rApNJ6KhbYlk4Qjnt9r
5VvXBrj7tI6cIk8DoVS7aaiR6i0kPh09j0+u5Rwk5PL6nDXD3vgsCmWNXFr+S8Cc
uKa04IWP2dHiwSU5CTvmO32Mgdbrc8raUERpSdbZqnATtNAbz3LGLcDcDslj0pfH
R6AQMgcIzfk=
=FN1L
-----END PGP SIGNATURE-----