Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: 0day critical vulnerability/exploit targets Winamp users in the w

from [K-OTiK Security] Network Security [Permanent Link]
Subject: Re: 0day critical vulnerability/exploit targets Winamp users in the wild
Date: 28 Aug 2004 13:56:12 -0000 
In-Reply-To: <20040826164943.17362.qmail@www.securityfocus.com>

Nullsoft has issued a fix for this critical vulnerability affecting Winamp 3.0, 
5.0 and 5.0 Pro or newer.

Nullsoft said that Winamp 5.05 resolves this exploit in two ways:

- Winamp will now prompt all users with a confirmation window before installing 
any skins. 
- Winamp will now only extract files considered low risk before loading a 
Winamp Skin. 

ALL Winamp users MUST upgrade to Winamp 5.05 immediately. 

http://www.winamp.com/player/

Regards.
K-OTik.COM Security Survey Team
http://www.k-otik.com 



take a look at the code/exploit : 
http://www.k-otik.com/exploits/08252004.skinhead.php

Secunia advisory : http://secunia.com/advisories/12381/

Thor Larholm -> When a user visits a website that hosts the Skinhead exploit 
their browser is redirected to a compressed Winamp Skin file which has a WSZ 
file extension but which in reality is a ZIP file. The default installation of 
Winamp registers the WSZ file extension and includes an EditFlags value with 
the bitflag 00000100 which instructs Windows and Internet Explorer to 
automatically open these files when encountered. Because of this EditFlags 
value the fake Winamp skin is automatically loaded into Winamp which in turn 
open the "skin.xml" file inside the WSZ file. This skin.xml file references 
several include files such as "includes.xml", "player.xml" and 
"player-normal.xml", the latter of which opens an HTML file in Winamp's 
builtin webbrowser.

The HTML file that is opened exploit the traditional codeBase command 
execution vulnerability in Internet Explorer to execute "calc.exe" at which 
time the user is infected.

Regards.
K-OTik.COM Security Survey Team
http://www.k-otik.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Re: 0day critical vulnerability/exploit targets Winamp users in the wild, K-OTiK Security <=
Previous by Date:  Check Point - Zone Labs Division - Response to "Weak Default Permissions Vulnerability", Zone Labs Product Security
Next by Date:  Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State), john . courcoul
Previous by Thread:  Check Point - Zone Labs Division - Response to "Weak Default Permissions Vulnerability", Zone Labs Product Security
Next by Thread:  CuteNews News.txt writable to world, e0r
Indexes:  [Date] [Thread] [Top] [All Lists]