Winamp < 5.0.5 Skin File (.WSZ) Local Zone Arbitrary Code Execution
High Nessus Plugin ID 16204
SynopsisThe version of Winamp on the remote host is vulnerable to a buffer overflow.
DescriptionThe remote host is using Winamp, a popular media player which handles many files format (mp3, wavs and more...)
The remote version of this software is vulnerable to a code execution flaw when processing a malformed .WSZ Winamp Skin file.
An attacker may exploit this flaw by sending a malformed .wsz file to a victim on the remote host, and wait for him to load it within Winamp.
SolutionUpgrade to Winamp 5.0.5 or newer