| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 26 Aug 2004 16:49:43 -0000 From: K-OTiK Security <Special-Alerts@...tik.com> To: bugtraq@...urityfocus.com Subject: 0day critical vulnerability/exploit targets Winamp users in the wild Hi, we received since July 22nd several reports from users who were hacked after visiting several websites. This 0day attack had been used to spread spyware and trojans, infecting patched computers. Investigations showed the existance of a new and unpublished flaw/exploit in the winamp skin files handling. take a look at the code/exploit : http://www.k-otik.com/exploits/08252004.skinhead.php Secunia advisory : http://secunia.com/advisories/12381/ Thor Larholm -> When a user visits a website that hosts the Skinhead exploit their browser is redirected to a compressed Winamp Skin file which has a WSZ file extension but which in reality is a ZIP file. The default installation of Winamp registers the WSZ file extension and includes an EditFlags value with the bitflag 00000100 which instructs Windows and Internet Explorer to automatically open these files when encountered. Because of this EditFlags value the fake Winamp skin is automatically loaded into Winamp which in turn open the "skin.xml" file inside the WSZ file. This skin.xml file references several include files such as "includes.xml", "player.xml" and "player-normal.xml", the latter of which opens an HTML file in Winamp's builtin webbrowser. The HTML file that is opened exploit the traditional codeBase command execution vulnerability in Internet Explorer to execute "calc.exe" at which time the user is infected. Regards. K-OTik.COM Security Survey Team http://www.k-otik.com
Powered by blists - more mailing lists