Welcome to p2pnet.net - The original daily p2p and digital news site. Always First!

DON’T USE WINAMP !

p2pnet.net News:- DO NOT USE WINAMP !

That’s the warning on KOTic here, referring to a 0-day exploit known to be circulating in the wild.

It says there’s no patch for this vulnerability.

“The problem is caused due to insufficient restrictions on Winamp skin zip files (.wsz),” says Secunia here, saying it can be exploited by a malicious website using a specially crafted Winamp skin to place and execute arbitrary programs.

“With Internet Explorer this can be done without user interaction,” states Secunia.

An XML document in the Winamp skin zip file can reference an HTML document using the “browser” tag and get it to run in the “Local computer zone,” it says, continuing:

“This can be exploited to run an executable program embedded in the Winamp skin file using the ‘object’ tag and the ‘codebase’ attribute.”

The vulnerability has been confirmed on a fully patched system with Winamp 5.04 using Internet Explorer 6.0 on Microsoft Windows XP SP1.
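
A defensive check for the skin structure Secunia describes, as an added example (not code from p2pnet, Secunia or Nullsoft): it walks the members of a .wsz archive and flags XML files containing a browser element, HTML files whose object tag carries a codebase attribute, and embedded executables. The sample archive, its member names and attributes, and the size limit are constructed assumptions.

```python
import io
import re
import zipfile
from html.parser import HTMLParser

EXECUTABLE_EXT = (".exe", ".com", ".scr", ".bat", ".pif", ".dll")
MAX_MEMBER = 1 << 20  # skip members over 1 MiB uncompressed (assumed limit)

class ObjectFinder(HTMLParser):
    """Collects the codebase value of every <object> tag that has one."""
    def __init__(self):
        super().__init__()
        self.codebases = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "object" and "codebase" in attrs:
            self.codebases.append(attrs["codebase"])

def scan_skin(data):
    """Return a list of findings for one skin archive passed as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if info.file_size > MAX_MEMBER:
                findings.append(f"oversized-member:{info.filename}")
                continue
            body = zf.read(info)
            if name.endswith(EXECUTABLE_EXT) or body[:2] == b"MZ":
                findings.append(f"embedded-executable:{info.filename}")
            text = body.decode("utf-8", "replace")
            if name.endswith(".xml") and re.search(r"<\s*browser\b", text, re.I):
                findings.append(f"browser-tag:{info.filename}")
            if name.endswith((".html", ".htm")):
                finder = ObjectFinder()
                finder.feed(text)
                findings += [f"object-codebase:{info.filename}:{c}" for c in finder.codebases]
    return findings

def build_sample(suspicious):
    """Constructed, inert archive; member names and attributes are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("skin.xml", "<skin/>")
        if suspicious:
            zf.writestr("xml/player.xml", '<layout><browser id="b"/></layout>')
            zf.writestr("page.html", '<object codebase="PLACEHOLDER.exe"></object>')
            zf.writestr("PLACEHOLDER.exe", b"inert bytes, not a program")
    return buf.getvalue()
```

An empty result means none of these three markers were found in the archive, not that the skin is safe.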

What to do?

Use another product, suggests Secunia.


One Response to “DON’T USE WINAMP !”

  1. Reader's Write Says:

    Or don’t install skins and just stick to the 2 that come with the package?

  2. Reader's Write Says:

    or unregister .wsz in regedit, or use firefox etc. etc.

  3. Reader's Write Says:

    I still use winamp 2.76. Never found a reason to upgrade.

  4. Reader's Write Says:

    I suppose you still got the old Vic 20 hooked up, too? :)

  5. Reader's Write Says:

    Stop using winamp?? – 30 seconds in regedit or simply unregistering the filetypes does the trick.

    Sod it, I’ll release a ‘patch’.. :)

    I zipped a .reg file that should unregister .wsz and .wal files for anyone unable to do the above. Should work!!… http://methlabs.org/Method/winampsecure.zip

  6. Reader's Write Says:

    Or just stfu and install the official patched Winamp 5:05 when it’s released in a few hours…

    Note, ALL older 2x/5x versions will still be vulnerable to the exploit.

  7. Reader's Write Says:

    Would P2Pnet.net confirm the above proposed registry solution as safe?

  8. Reader's Write Says:

    I used 2.9 forever and every single time it would tell me to get 5:04, which stupidly I did, but I think still have the install.

    I hate 5:04, it loads soooooooooo slowly it’s nuts.

  9. Reader's Write Says:

    Oooh insider information!! You know, if Justin were still around this stuff wouldn’t be happening. Blame this on that blasted AOL which sadly, sniff sniff, owns Winamp. To think my old site was once a download mirror.

    I hate the new one and am going to reinstall an old version.

    I wish when an article like this is written, more information is provided. p2p net seems to just skim the surface of things.

  10. Reader's Write Says:

    Although I do my best to give full-time coverage, 24/7, to the central issues – ie, file sharing, entertainment industry BS, and so on – I’m only one person and I can’t do everything (as much as I’d like to : )

    So, my apologies for items that may “just skim the surface of things”.

    Cheers!

  11. Reader's Write Says:

    awwww

  12. Reader's Write Says:

    If you open the .reg file with notepad you’ll see it contains only the following (it just clears a load of registry entries that relate to the .wal and .wsz files):

    --------

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wal]
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wsz]
    "PerceivedType"=""
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.wsz\PersistentHandler]
    @=""

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wal]
    @=""

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wal\OpenWithList]
    "a"=""
    "MRUList"=""
    "b"=""

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wal\OpenWithProgids]
    "Winamp.SkinZip"=hex(0):

  13. Reader's Write Says:

    http://download.nullsoft.com/winamp/client/winamp505_full.exe

    Vulnerability patched. Topic is now moot.

    In reply to previous… note again that ALL older versions (2x, 3x, 5x) are still vulnerable to the exploit. Use Winamp 5.05 only.
    Also note, Justin is still around and involved, just not on aol’s payroll ;)

  14. Reader's Write Says:

    Enjoy 5.05. I will still be using 2.76, and I’m not even remotely worried about the exploit. Reading your post made me think winamp makers may have fabricated this whole thing to get people to upgrade. The new winamps have all been crap, IMO.

  15. Reader's Write Says:

    No, that’s complete bullshit dude.
    5.x is the continuation of the 2.x line
    and is by far the best winamp ever.
    So no-one cares what you think or say, so just stfu and die, k ?!

  16. Reader's Write Says:

    Well, too scared to identify yourself, I would never speak that way to someone on the net or anywhere else. But many people lack class. How are you gonna tell me which one “I” like better. We both have opinions. And, why would someone care anymore about your opinion than mine? At least they can read my other posts and know who >I< am. May god bless your sorry existence. :)

  17. Reader's Write Says:

    Or download Windows XP Service Pack 2, like a good little boy. That stops the problem and any related exploits at the source, bad IE security. And they tested this running IE 5x? How old are these people?

  18. Reader's Write Says:

    They’re all better than Real Player, so U’re both correct. @ least we can use the 1s we want & we’re not stuck in Russia or something using WinStalin 5.x!

  19. Reader's Write Says:

    lmaof
