Winamp Shows New Flaw!

Not too long ago we spoke about buffer-overflows that could cause Winamp and messaging applications such as AOL Instant messenger or YIM to expose your PC to hackers. Now a new threat has emerged. This time the trouble involves a special Winamp “SKIN” file that can automatically download and execute code on possibly your computer. If you have installed Winamp version 5.04 or earlier, you should check your skin list and if you see one you do not recognize by name, you should remove Winamp and newly install it. As for the skins, you would be better off, only downloading skins directly from the Winamp website.

Winamp's “skinning” ability, meaning the option of customizing the look and feel of the application to fit your tastes, could possibly breech your system security. The bad exploit will take advantage of a flaw within the programming structure of a Skin (.wsz). A .wsz file usually is a zipped archive containing files that can be categorized into two main categories:

• Media files (to customize Winamp)

• XML files that tell the application (in this case your Winamp Player) how to apply the media files. Now it has been discovered that a malicious program could be embedded which then executes it automatically once Winamp is opened.

Currently there are only two solutions to the problem. First (and probably most secure) is to completely remove Winamp from your system until Nullsoft (the company that releases Winamp) comes up with a new release for its application or at least a patch. For this please go to Nullsoft’s or Winamp’s website and check for details and/or updates. If you still want to hang on to your Winamp player, you could also delete all your skins in your skin list and return to Nullsoft’s “Orange-Black” basic skin, until Winamp offers a solution to this problem on its website.

Until next time! Surf safe!

Copyright © 2004