Buffer Overflow Affects Winamp 3 Skins

Discussion in 'other security issues & news' started by discogail, Oct 3, 2002.

Thread Status:
Not open for further replies.
  1. discogail

    discogail Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    151
    A buffer overflow in Winamp 3's XML parser could let an attacker execute arbitrary code on a victim's PC, according to an advisory http://161.53.51.222/advisory/sunnis-01.txt from Illegal Instruction Labs. The vulnerability exists in Winamp's Wsabi engine, which is the core of the application's skinning system, and could be exploited if a victim opened a maliciously crafted .WAL skin file. When Winamp 3 is installed, Microsoft Internet Explorer is set to automatically open these files once they are downloaded, without prompting the user. Proof-of-concept shellcode for Win ME has been provided, and could be changed to work on other versions of Windows.

    The advisory doesn't mention whether the vendor has been notified; as a temporary workaround, we recommend removing the skin file association from Internet Explorer. Go to the Tools->Folder Options menu in Windows Explorer, click the "File Types" tab, and remove .WAL from the list of
    registered extensions.
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.