Bugtraq mailing list archives
Re: Re: Winamp 5.12 - 0day exploit - code execution through playlist
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Tue, 31 Jan 2006 08:30:19 +0200 (EET)
Nullsoft has released a fixed version 5.13 now. Internet Storm Center shared the information last night at
http://isc.sans.org/diary.php?storyid=1080

An official download link is http://www.winamp.com/player/
- Juha-Matti
You can disable auto launching Winamp for playlist files as a workaround. For Firefox, go to Tools / Options settings, click on the Download icon, then click on View & Edit Actions... Scroll down to the M3U extension and then push the Remove Action button. Firefox will no longer automatically launch firefox for Winamp playlist files.

It is a good idea in general for attack surface reduction to trim down the View & Edit actions to just the ones you need. Do you really need AIFF and AU autolaunching for instance? What about all those QuickTime and Acrobat formats? Looks like a lot of unnecessary attack surface to me.

For IE you need to disable the file type in Windows Explorer. Go to Tools / Folder Options / File Types. Scroll down to the file extension you want to change. In this case it's M3U. Check Confirm after download. You will be prompted to launch WinAmp if an M3U file is downloaded. You can remove the file type completely but that will also remove the ability to double-click to launch playlists from the Windows shell.

You may want to go through this list and check confirm after download for many file types. It would be nice if more vendors installed their file types with this option in place.

-Chris
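For the "go through this list" step in the quoted workaround, an audit sketch that is an added example and not part of either post: it reads a `reg export HKCR` style dump and lists the extensions whose file class opens after download without confirmation. It assumes the Confirm after download checkbox corresponds to the shell's FTA_OpenIsSafe bit (0x00010000) in the class's `EditFlags` value; the ProgID names and the sample dump are constructed.

```python
import re
FTA_OPEN_IS_SAFE = 0x00010000  # assumed mapping: bit set = no confirm-after-download prompt

# Constructed sample in .reg export syntax; the ProgIDs are hypothetical.
SAMPLE_REG = r"""
[HKEY_CLASSES_ROOT\.m3u]
@="Example.PlaylistFile"
[HKEY_CLASSES_ROOT\Example.PlaylistFile]
"EditFlags"=dword:00010000
[HKEY_CLASSES_ROOT\.au]
@="Example.AudioFile"
[HKEY_CLASSES_ROOT\Example.AudioFile]
"EditFlags"=hex:00,00,01,00
[HKEY_CLASSES_ROOT\.txt]
@="Example.TextFile"
[HKEY_CLASSES_ROOT\Example.TextFile]
"EditFlags"=dword:00000000
"""

def parse_reg(text):
    """Return {subkey of HKEY_CLASSES_ROOT, lower-cased: {value name: raw data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.fullmatch(r"\[HKEY_CLASSES_ROOT\\(.+)\]", line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
        elif current is not None and "=" in line:
            name, data = line.split("=", 1)
            current[name.strip('"')] = data
    return keys

def edit_flags(raw):
    """Decode EditFlags stored as REG_DWORD or as little-endian REG_BINARY."""
    kind, _, data = raw.partition(":")
    if kind == "dword":
        return int(data, 16)
    if kind == "hex":
        return int.from_bytes(bytes.fromhex(data.replace(",", "")), "little")
    return 0  # any other value type is treated as "no flags set"

def auto_open_extensions(text):
    """Extensions whose file class has the open-without-confirmation bit set."""
    keys = parse_reg(text)
    hits = []
    for key, values in keys.items():
        progid = values.get("@", "").strip('"').lower()  # extension -> file class
        raw = keys.get(progid, {}).get("EditFlags", "dword:0")
        if key.startswith(".") and edit_flags(raw) & FTA_OPEN_IS_SAFE:
            hits.append(key)
    return sorted(hits)
```

Calling `auto_open_extensions(SAMPLE_REG)` on the constructed dump returns `['.au', '.m3u']`; each extension reported is a candidate for enabling the confirmation prompt or removing the association.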
Current thread:
- Winamp 5.12 - 0day exploit - code execution through playlist Process (Jan 30)
- Re: Winamp 5.12 - 0day exploit - code execution through playlist Chris Wysopal (Jan 30)
- <Possible follow-ups>
- Re: Re: Winamp 5.12 - 0day exploit - code execution through playlist Juha-Matti Laurio (Jan 31)