fatkiller a écrit :
Bonsoir,
Ma réponse n'a rien a voir avec ton probleme, mais il y a problème de sécurité avec winamp.
Voici la news en Anglais:
-------------------------
Winamp Flaw Allows Hackers
to Skin Your Computer
Severity: High
26 August, 2004
Summary:
Before any security mailing lists got wind of it, personnel from the greyhat Web site K-Otik.com discovered and posted underground exploit code for a new Winamp vulnerability. The vulnerability involves a specially-crafted Winamp skin file that can automatically download and execute code on a victim's computer. By enticing one of your users to a malicious Web page or sending an HTML e-mail, an attacker could deliver his malicious Winamp skin to your user's computer and gain total control of the machine. If you suspect your users have installed Winamp version 5.04 or earlier (whether or not you officially permit it), you should insist that they remove Winamp. For other countermeasures, see the Solution section below.
Exposure:
Winamp, a very popular media player that supports and plays more than 30 media file types, is used most commonly to play MP3 files. Although Winamp is not a business application, we've found that many employees install popular client applications like Winamp without authorization. Even if Winamp isn't part of your official corporate desktop image, some of your users probably have it on their systems.
Yesterday, a greyhat Web site known as K-Otik.com posted underground exploit code for a new vulnerability that affects Winamp 5.04 and below. Usually we report on vulnerabilities discovered by whitehat security researchers who disclose flaws in order to inform and protect the public. However, in this case a blackhat hacker calling himself |silent released his new Winamp exploit to other malicious hackers on the Internet, specifying that he would not inform Winamp or the security community. Therefore, Winamp users should consider this a high risk vulnerability, since malicious attackers have possessed exploit code before the security community knew of it.
Winamp's popular skinning ability enables customizing the look and feel of the application to fit your tastes. The malicious exploit takes advantage of a design flaw in Winamp's Skin Zip (.wsz) files. These .wsz files usually consist of a zipped archive containing files that fall into two main categories: 1) Media files for customizing Winamp, and 2) XML files that tell Winamp how to apply the media files. However, |silent discovered that he could also embed a malicious program within a Winamp skin file and then craft the XML portion so that Winamp executes it automatically.
Internet Explorer becomes Winamp's unwilling accomplice in this attack. |silent discovered he could create a Web page so that it would automatically download an infected Winamp skin as soon as an Internet Explorer (IE) user visited it. Windows associates .wsz files with Winamp by default. That means a smart attacker could maliciously craft his Web site so that if a victim visits the page, the malicious skin file downloads via IE automatically and executes in Winamp automatically. In sum, one wrong click could give up your machine.
Solution Path:
Since |silent never disclosed this vulnerability directly to Winamp's creators, Nullsoft, there is no patch correcting this flaw (although you can bet Nullsoft knows of this issue by now). We plan on updating this alert if Nullsoft releases a patch.
Today, the only way to totally protect yourself from this flaw is to remove Winamp. If you do not allow Winamp in your network, consider taking this opportunity to e-mail your users, citing the Winamp flaw as another example of why they should not install unauthorized programs on company-owned computers.
If you choose to continue using Winamp now, these workarounds can mitigate your exposure to |silent's vulnerability:
Dis-associate the .wsz file type in Windows. Doing this prevents you from installing any new Winamp skins automatically. To dis-associate .wsz files from Winamp, open Windows Explorer and click Tools => Folder Options => File Types tab. Scroll down to locate and highlight the WSZ extension type (which appears only if you have Winamp installed). Highlight it, and either click the Delete button to completely remove the WSZ extension type or click the Change button and select some other application, such as Notepad, to opens .wsz files harmlessly.
Use another browser besides IE to prevent the automatic download of the malicious Winamp skin. This is not a feasible option for everyone. However, other browsers, such as Mozilla Firefox, prompt the users for some interaction before automatically downloading |silent's malicious Winamp skin.
Firebox II, III, X and Vclass users should check below to learn how to block .wsz files by using their WatchGuard proxy services.
Though WatchGuard does not recommend installing Windows XP Service Pack 2, we did test |silent's exploit under SP2. SP2 includes new secure-browsing features that prevent IE from automatically downloading certain files. With SP2 installed, the malicious Web code |silent uses to download a Winamp skin onto your computer does not work without significant user interaction.
|
J'ai beau desinstall reinstall parfois sa marche et aprés sa marche plus . Qui sais de quoi ca peut venir ?