
SANS ISC: InfoSec Handlers Diary Blog


Winamp 5.x Remote Code Execution via Playlists

Published: 2006-01-31
Last Updated: 2006-01-31 16:58:57 UTC
by Ed Skoudis (Version: 3)
While we're on the topic of audio software, there's a 0-day exploit out today for Winamp 5.12 that allows
remote code execution via a crafted playlist (.pls) file.  The proof-of-concept exploit suggests using an
iframe to trigger a 'drive-by' attack on anyone unlucky enough to visit a website containing a malicious
iframe; say, third-party advertisers and forum websites--the usual vectors for this sort of thing.
Secunia's got a nice writeup of it here. 

Update 21:22 UTC: Now that's what I call service!  There's a new version of Winamp out today, version 5.13,
which you can download now.  Further research has shown that the workarounds can be bypassed, so don't
bother. Just update.

Update Jan 31: There's a sploit in the wild for this one.  Have you patched yet?  The kiddies will come a-callin' soon. --Ed.
