Message-ID: <20040828135612.27508.qmail@www.securityfocus.com>
Date: 28 Aug 2004 13:56:12 -0000
From: K-OTiK Security <Special-Alerts@...tik.com>
To: bugtraq@...urityfocus.com
Subject: Re: 0day critical vulnerability/exploit targets Winamp users in
    the wild


In-Reply-To: <20040826164943.17362.qmail@....securityfocus.com>

Nullsoft has issued a fix for this critical vulnerability affecting Winamp 3.0, 5.0 and 5.0 Pro or newer.

Nullsoft said that Winamp 5.05 resolves this exploit in two ways:

- Winamp will now prompt all users with a confirmation window before installing any skins. 
- Winamp will now only extract files considered low risk before loading a Winamp Skin. 

ALL Winamp users MUST upgrade to Winamp 5.05 immediately. 

http://www.winamp.com/player/

Regards.
K-OTik.COM Security Survey Team
http://www.k-otik.com 

>
>take a look at the code/exploit : 
>http://www.k-otik.com/exploits/08252004.skinhead.php
>
>Secunia advisory : http://secunia.com/advisories/12381/
>
>Thor Larholm -> When a user visits a website that hosts the Skinhead exploit their browser is redirected to a compressed Winamp Skin file which has a WSZ file extension but which in reality is a ZIP file. The default installation of Winamp registers the WSZ file extension and includes an EditFlags value with the bitflag 00000100 which instructs Windows and Internet Explorer to automatically open these files when encountered. Because of this EditFlags value the fake Winamp skin is automatically loaded into Winamp which in turn opens the "skin.xml" file inside the WSZ file. This skin.xml file references several include files such as "includes.xml", "player.xml" and "player-normal.xml", the latter of which opens an HTML file in Winamp's built-in web browser.
>
>The HTML file that is opened exploits the traditional codeBase command execution vulnerability in Internet Explorer to execute "calc.exe" at which time the user is infected.
>
>Regards.
>K-OTik.COM Security Survey Team
>http://www.k-otik.com 
>
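
The second mitigation described above (extracting only low-risk files from a skin), sketched as an added example; it is not Nullsoft's code and not part of the original post. The extension allowlist, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: file types treated as low-risk skin content. The advisory does
# not say which types Winamp 5.05 actually accepts.
LOW_RISK_EXT = {".xml", ".png", ".jpg", ".gif", ".bmp", ".cur", ".txt"}


def triage_wsz(data: bytes):
    """Split the members of a WSZ (ZIP) archive into (allowed, rejected)."""
    allowed, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.replace("\\", "/")
            path = PurePosixPath(name)
            # Refuse anything that would land outside the skin directory.
            escapes = path.is_absolute() or ".." in path.parts or ":" in name
            if escapes or path.suffix.lower() not in LOW_RISK_EXT:
                rejected.append(info.filename)
            else:
                allowed.append(info.filename)
    return allowed, rejected


def build_sample_wsz() -> bytes:
    """Constructed sample: a skin whose XML chain ends in an HTML page."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("skin.xml", "<!-- constructed placeholder -->")
        zf.writestr("xml/includes.xml", "<!-- constructed placeholder -->")
        zf.writestr("xml/player-normal.xml", "<!-- constructed placeholder -->")
        zf.writestr("html/page.html", "<html>constructed placeholder</html>")
        zf.writestr("../outside/dropped.exe", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    ok, bad = triage_wsz(build_sample_wsz())
    print("extract:", ok)
    print("refuse: ", bad)
```

Because the HTML member is never written to disk, the include chain that ends in "player-normal.xml" has no page to open in the built-in browser.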

