AfterDawn: Tech news
AfterDawn > News > WinAMP skin exploit in the wild

WinAMP skin exploit in the wild

Written by Petteri Pyyny @ 26 Aug 2004 2:04 User comments (4)

WinAMP skin exploit in the wild

Security site Secunia has issued a warning about a security exploit using WinAMP skins. The problem is within WinAMP's skin zip files' (.wsz files) insufficient restrictions to control what can be launched from skin file's XML "browser" tag.
With this exploit, a skin file can launch executable programs when used with WinAMP, thus allowing malicious WinAMP skins to be created that can do virtually anything with user's computer. At the moment the solution to the problem is to use some other media player instead of WinAMP. The vulnerability has already been found in the wild.

Source: Secunia

<Japanese record industry raided >Indie music e-store launched in the UK
Previous Next  

4 user comments

127.8.2004 05:12
Ghostdog
Send private message to this user
Senior Member

This doesn´t affect Winamp 2.80, does it?

227.8.2004 23:16
LlamaKing
Send private message to this user
Newbie

This issue is now resolved with the latest release of Winamp. All users are advised to upgrade to Winamp 5.05 asap! http://www.winamp.com/player/ Changelog: http://www.winamp.com/player/version_history.php More info: http://forums.winamp.com/showthread.php?threadid=191604 http://forums.winamp.com/showthread.php?threadid=190902

327.8.2004 23:17
LlamaKing
Send private message to this user
Newbie

News Article: Winamp Security Bulletin http://www.winamp.com/about/article.php?aid=10605

428.8.2004 09:01
Toiletman
Send private message to this user
Senior Member

It doesn't affect you if you don't use skins right?

Comments have been disabled for this article.

Latest news

The era of cheap AI is about to end - consumers and companies may experience a harsh reality very soon The era of cheap AI is about to end - consumers and companies may experience a harsh reality very soon (19 Apr 2026 12:58)
AI companies have allowed both consumers and businesses to use their developed AI models at a significantly lower cost than their actual expenses. A clear change is now coming to this, which could significantly alter the market.
Defunct companies started selling their former employees' email and Slack messages to AI companies Defunct companies started selling their former employees' email and Slack messages to AI companies (18 Apr 2026 12:27)
Technology companies that have gone bankrupt or have simply been shut down have found a new way to make a little more money at their final gasp. The companies are selling their employees' Slack, Teams, and email messages as training material for AI compan
Google starts penalizing sites that hijack the browser back button Google starts penalizing sites that "hijack" the browser back button (18 Apr 2026 2:35)
Google has announced that starting from June 2026 it will begin penalizing websites that hijack the browser back button.
Installing a fresh Windows 11 is now up to half an hour faster Installing a fresh Windows 11 is now up to half an hour faster (17 Apr 2026 11:11)
The update to Windows 11 released in April 2026 changes the way Windows is installed on a computer for the first time. User can now skip the previously mandatory updates during the installation phase.
EU age verification app humiliated: Researcher bypassed protections in two minutes EU age verification app humiliated: Researcher bypassed protections in two minutes (17 Apr 2026 9:57)
The official EU age verification app released this week is reportedly easy to crack. Security researchers claim that it can be circumvented within two minutes.

Reviews

Roomba Plus 505 Combo review - Surprisingly good and relatively affordable robot vacuum Roomba Plus 505 Combo review - Surprisingly good and relatively affordable robot vacuum
In our review, we go through the pros and cons of the obstacle-avoiding, mopping Roomba 505 Combo+ robot vacuum. During a long test period, the robot's cleaning performance was pleasing, but it was far from perfect.
Review: Roborock Saros Z70 - robot vacuum with an arm Review: Roborock Saros Z70 - robot vacuum with an arm
In out in-depth review of Roborock Saros Z70 we put the robot vacuum through a 3 month test period, where we observed its work in normal home. The sci-fi -like arm of Z70 was a little bit disappointing, due its limited functionality.
Roborock Saros 10 review - Great, but not perfect Roborock Saros 10 review - Great, but not perfect
We tested Roborock Saros 10 robot vacuum for more than two months in order to see whether it is really worth its hefty price tag. The mopping, self-emptying Saros 10 was mostly great, even perfect. But its object avoidance was bit disappointing.
1 user comment

News archive

Sections:

Follow us:

© 1999-2026 AfterDawn Oy. All rights reserved
Back to Top ⇧
AfterDawn is powered by Powered by UpCloud