Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Nullsoft Winamp Skin Predictable File Location Vulnerability

Nullsoft Winamp Skin Predictable File Location Vulnerability

by Nikola Strahija on July 21st, 2002 Nullsoft Winamp is a skinable media player for Microsoft Windows supporting MP3 and other filetypes. By default, Winamp skin files are given the .wsz extension. When installed, a skin file is placed in a predictable location within the installation directory of Winamp. An attacker may exploit this vulnerability to place malicious content in a known location. A URL reference to the file may then cause malicious content or code to be executed within local context.


Remote: Yes

Exploit: An exploit has been provided by "Jelmer" . This exploit will run arbitrary code on vulnerable systems, and should be treated appropriately.

http://kuperus.xs4all.nl/winamp.htm

At the time of this analysis, the website was unreachable.




Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »