Winamp .wsz file allows execution of code (WinampWszExecuteCode)

Vuln ID: 17124
Risk Level: High
Platforms: Nullsoft Winamp: 3.0, Microsoft Windows 2003 Server, Nullsoft Winamp: 5.0 - 5.04
Description:

Winamp could allow a remote attacker to execute arbitrary code on the system. A remote attacker could create a malicious Web page that uses the object tag and the codebase attributes to cause code embedded in a Winamp skin file (.wsz) to be automatically executed in the victim's Local computer zone.

Remedy:

Upgrade to the latest version of Winamp (5.05 or later), as listed in the Winamp Security Bulletin Aug. 27, 2004. See References.

Required Permission: Windows login
Additional Information:

References:

SA12381
Winamp Skin File Arbitrary Code Execution Vulnerability
http://secunia.com/advisories/12381/

Packet Storm Web Site
winampExploit.txt
http://packetstormsecurity.nl/0408-exploits/winampExploit.txt

Winamp Security Bulletin Aug. 27, 2004
Nullsoft has issued a fix for a newly discovered security vulnerability affecting Winamp 3.0, 5.0 and 5.0 Pro or newer.
http://www.winamp.com/about/article.php?aid=10605

ISS X-Force
Winamp .wsz file allows execution of code
http://www.iss.net/security_center/static/17124.php

CVE
CVE-2004-0820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0820

