Slashdot Mirror


Winamp Skin Exploit in the Wild

An anonymous reader writes "Secunia.com has announced an exploit (derived from xml escaping the Internet zone into IE's local zone) that exploits Winamp's habit of automatically installing skins. Currently all versions of Winamp are affected. Details on the Winamp forums - apparently an exploit is already in the wild, and spreading."

8 of 397 comments

  1. Am I the only one... by psoriac · Score: 4, Interesting

    who unchecks every option in any program I install that begins with "Automatically [check for/download] and install ..."?

    --
    I browse Slashdot at +3, Funny
  2. Redmond school of engineering by Rosco P. Coltrane · Score: 4, Interesting

    Program skins with "browser tags" and "embedded xml"? sheesh, what next, word processor documents that have executable code inside?

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  3. Expect these to grow more common... by hanssprudel · Score: 5, Interesting


    Now that people have started to use firewalls, and the risk of worms and rootkits that infect through open, exploitable, holes grows smaller, it is time to expect more and more exploits to follow alternative vectors.

    Note how many buffer-overflow exploits there have been in server daemons. Well, there is no reason to believe that servers are any worse written with regards to input than client applications - quite the contrary actually.

    People think they are safe with a firewall. But I'm willing to bet there are undiscovered exploits in just about every application they run. WinZip? WinAMP? Acrobat Reader? Media player? Anything that handles files received over the Internet is potentially a vector for viruses and possibly worms.

    This time it was bad escaping, which made the exploit trivial, but a buffer overflow would have served just as well. Neither firewalls nor anti-virus software will protect you.

  4. Dumb Question by ewhac · Score: 5, Interesting

    For what possible purpose does a skin -- which is essentially nothing more than graphical elements -- need to invoke the browser?

    WTF? Seriously, help me out here. I've only been a programmer for 25 years, so I may not understand the deeply compelling reasons driving such a design decision.

    Schwab

  5. Re:i hate skins by topher1kenobe · Score: 3, Interesting

    I love skins. I pick one and use it for years before switching. Skins allow people to pick an interface they like, something that fits into their desktop style, and leave it there.

    I don't go with random skins, or frequently changing skins. I just browse the library, pick a good one, and stick with it.

    --

    yadda

  6. Winamp's or IE's fault? by CodeMaster · Score: 3, Interesting

    Still trying to figure out - is it Winamp's fault that an XML character escape sequence causes stupid IE to run as in a local zone?

    This isn't the first app that gets nailed just because it was using IE (for whatever extent of use - full rendering or peripheral stuff like SSL Certificate handling or XML processing).

    Just add this to the IE screwups tally :-)


  7. i'm famous! by DaWolfey · Score: 3, Interesting

    I've never been linked to (well, indirectly) on Slashdot before - it's my 30 seconds of fame!

    Just to add to the original thread a little, I only saw the worm spreading on IRC and I only saw 2 people who were spamming the link - like all mIRC worms, the infected person doesn't know they are doing it until someone tells them.

    I guess it's not got very far - since I reported the exploit I've not seen another spammed link for it.

  8. Suggestion to Windows yet NON-IE users by Spuffin · Score: 3, Interesting

    Use Work Offline mode in IE when you aren't using it. This setting will be saved even when you close IE thus keeping IE exploits such as this down. As a side note, it also kills the ads in AIM which is a nice plus. The only downside is when a program does try to access the internet using IE (such as AIM) it prompts you to Stay Offline or Connect. All you have to do is click stay offline and you'll be fine. If anyone knows how to suppress this prompt I would love to hear it.