Winamp security vulnerability fixed
Saturday, August 28, 2004 by eieio | Discussion: WinCustomize News
Nullsoft has issued a fix for a newly discovered security vulnerability affecting Winamp 3.0, 5.0 and 5.0 Pro or newer.
The vulnerability takes advantage of the Winamp Skin installer mechanism coupled with a security hole within the Internet Explorer browser.
To be vulnerable, a user must navigate to a specifically crafted web page which automatically installs a malicious Winamp Skin.
This skin launches an embedded Internet Explorer browser within the Skin using a feature of the Winamp Modern Skin Engine. This malicious Winamp Skin then uses the browser to launch a malicious application bundled within the skin.
There have been reports of this exploit in use on the web to automatically install Adware or Spyware applications without the users consent.
Winamp 5.05 resolves this exploit in two ways:
Winamp will now prompt all users with a confirmation window before installing any skins.
Winamp will now only extract files considered low risk before loading a Winamp Skin.
We strongly urge ALL Winamp users to upgrade to Winamp 5.05 immediately.
Go to the Winamp Player download page to download the latest version of the Winamp.
The vulnerability takes advantage of the Winamp Skin installer mechanism coupled with a security hole within the Internet Explorer browser.
To be vulnerable, a user must navigate to a specifically crafted web page which automatically installs a malicious Winamp Skin.
This skin launches an embedded Internet Explorer browser within the Skin using a feature of the Winamp Modern Skin Engine. This malicious Winamp Skin then uses the browser to launch a malicious application bundled within the skin.
There have been reports of this exploit in use on the web to automatically install Adware or Spyware applications without the users consent.
Winamp 5.05 resolves this exploit in two ways:
Winamp will now prompt all users with a confirmation window before installing any skins.
Winamp will now only extract files considered low risk before loading a Winamp Skin.
We strongly urge ALL Winamp users to upgrade to Winamp 5.05 immediately.
Go to the Winamp Player download page to download the latest version of the Winamp.
joeKnowledge
Reply #3 Sunday, August 29, 2004 2:12 AM
Reply #3 Sunday, August 29, 2004 2:12 AM
not sure... I think if you have IE on your system and the old winamp install the you have problems
Please login to comment and/or vote for this skin.
Welcome Guest! Please take the time to register with us.
There are many great features available to you once you register, including:
- Richer content, access to many features that are disabled for guests like commenting on the forums and downloading skins.
- Access to a great community, with a massive database of many, many areas of interest.
- Access to contests & subscription offers like exclusive emails.
- It's simple, and FREE!
Reply #1 Saturday, August 28, 2004 11:23 AM