WinAmp flayed by skins attack

Discussion in 'Windows Desktop Systems' started by rik, Aug 26, 2004.

  1. rik

    rik OSNN Addict

    Messages:
    115
    Location:
    I dunno
    http://www.theregister.co.uk/2004/08/26/winamp_brown_alert/

    By John Leyden
    Published Thursday 26th August 2004 12:37 GMT

    In brief A serious security flaw in NullSoft's popular WinAmp player opens the door for crackers to seize control of vulnerable systems.

    The problem stems from a flaw in how the player processes Winamp skin zip files. This flaw means WinAmp users induced to visit a maliciously constructed website could find their PCs rooted. The vulnerability has been confirmed on a fully patched system with WinAmp 5.04 using Internet Explorer 6.0 on Microsoft Windows XP SP1. WinAmp 3.x users are also potentially in peril. And that's not the worst of it. The bug, reported by the K-OTik.COM Security Survey Team, is reportedly being actively exploited in the wild.

    NullSoft is yet to release a patch. Security firm Secunia describes the flaw as "extremely critical". Pending the availability of a fix, Secunia advises WinAmp users to use an alternative product.
     
  2. SPeedY_B

    SPeedY_B I may actually be insane.

    Messages:
    15,800
    Location:
    Midlands, England
    Heh, just read this article before getting here. Seems people will attack anything these days :)
     
  3. NetRyder

    NetRyder Tech Junkie Folding Team

    Messages:
    13,256
    Location:
    New York City
    This is just too much...