Slashdot Mirror

← Back to Stories (view on slashdot.org)

Winamp Skin Exploit in the Wild

Posted by ryuzaki0 on from the even-skins-are-dangerous-now dept.

An anonymous reader writes "Secunia.com has announced an exploit (derived from xml escaping the Internet zone into IE's local zone) that exploits Winamp's habit of automatically installing skins. Currently all versions of Winamp are affected. Details on the Winamp forums - apparently an exploit is already in the wild, and spreading."

18 of 397 comments (clear)

  1. yet another way... by ryane67 · · Score: 5, Funny

    to compromise a system..

    Luckily the masses of windows users are content to use windows media player which should slow the spread of this.

    --
    ?SYNTAX ERROR IN LINE 42
    1. Re:yet another way... by black+mariah · · Score: 5, Funny
      What can you do?
      Well, when I'm dictator it will be legal to punch people in the face for doing stupid shit like that. Ought to help out a bit. Imagine a technician comes to your home, you tell them what's wrong and what you did... WHAM! A nice fist in the face. Hell of a deterrent, that.
      --
      'Standards' in computing only impress those who are impressed by things like 'standards'.
    2. Re:yet another way... by Carnildo · · Score: 2, Funny

      I'm using Winamp 2 skins on XMMS. Am I vulnerable to this?

      --
      "They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
    3. Re:yet another way... by shish · · Score: 2, Funny

      I think the safest thing to do would be to use Winamp 4; no exploits for that :)

      --
      I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
  2. Damn you Britney! by ZipR · · Score: 5, Funny

    I knew that your oh-so-sexy winamp skin would be my downfall.

    1. Re:Damn you Britney! by Anonymous Coward · · Score: 3, Funny

      I think this we can blame Frank Sinatra for this one though...

      I've got you under my skin
      I've got you deep in the heart of me
      So deep in my heart, that you're really a part of me
      I've got you under my skin

    2. Re:Damn you Britney! by argStyopa · · Score: 3, Funny

      I knew that your oh-so-sexy winamp skin would be my downfall.
      Well duh.

      Pretty Girl + Virus = trouble in just about any context.

      Throw "wife" into the equation and the result may be expressed both in terms of $$ and an unreal number.

      --
      -Styopa
  3. Can I name the worm?? by Lux · · Score: 4, Funny

    I propose "flensing."

  4. Further evidence that skinning is stupid by pestie · · Score: 5, Funny

    Seems to me I was just bitching about skinning and mentioned that security holes were one possible (but unlikely) down-side. I love when the universe makes my point for me.

  5. As long as... by Anonymous Coward · · Score: 3, Funny

    Just as long as the exploit isn't used to install SP2 were all safe.

  6. Skinning is Worth It by Anonymous Coward · · Score: 5, Funny
    Having to periodically wipe your system and reinstall from backups is a small price to pay for the ability to have your apps look like real equipment.

    I mean, WinAmp can actually look like different kinds of real CD players! Can you believe that? It can look like all sorts of things; it doesn't have to look like a rectangular window at all. That just rocks! You can even change the way it looks at runtime! You can download whole new looks! Man, that is too cool.

    Kudos to those guys. This is the kind of thing that really makes computing fun.

  7. Re:Just another reason to use iTunes, I guess by Anonymous Coward · · Score: 3, Funny
    I used to be a big fan of Winamp...but then I switched to iTunes and never looked back. Guess that's a good thing.
    Good thing you never looked back. We're all pointing and laughing at you.
  8. Re:School must've just gotten out. by machine+of+god · · Score: 4, Funny

    I notice the average vocabularical IQ drops about 50 points once 3pm EST hits.

    vocabularical.

    I believe you were saying something?

  9. revenge by bersl2 · · Score: 4, Funny

    I'm pretty sure the llama is tired of getting its ass whipped.

  10. Re:Am I the only one... by telstar · · Score: 5, Funny

    I dunno, but I like posts whose entire message changes if you neglect to read the subject.

  11. The RIAA press release.... by endersdouble · · Score: 3, Funny

    Not only does evil P2P software break the law, it helps infect your computer! A program called Winamp, used by illegal copyright infringers to play their music files called MP3s, has a security hole allowing evil hackers to enter your system! We need to band together to ban this evil and dangerous Winamp program. Remember, no matter what, it is WRONG to use Winamp to play downloaded MP3s--and now, it is dangerous. Respect copyrights; uninstall Winamp.

  12. Is calculator safe? by rs79 · · Score: 5, Funny

    In related news, our editors today learned of the calc_virus; remote explotation of Windows Calculator utility is possible and attackers can gain access to your machine via this program. The announcment that MS recommends you use an abacus was heralded as a remarkable advance in system security

    --
    Need Mercedes parts ?
  13. Re:Just another reason to use iTunes, I guess by Anonymous Coward · · Score: 2, Funny

    Yes, let us keep score.

    Winamp gayness: 0
    iTunes gayness: 1,000,000,000,OMG,LOL,000