CVE-2004-0820

Name of the Vulnerable Software and Affected Versions Winamp versions prior to 5.0.4

Description The issue allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file. This flaw may allow a malicious user to execute arbitrary code when a user downloads a specifically crafted WinAmp skin from a malicious website. These skins are downloaded without prompting the user when using Internet Explorer, potentially allowing an attacker to place and execute arbitrary programs, resulting in a loss of confidentiality, integrity, or availability.

Recommendations For versions prior to 5.0.4, update to version 5.0.4 or later to resolve the issue. As a temporary workaround, consider disabling the download of .wsz skin files from untrusted sources to minimize the risk of exploitation. Restrict access to the skin download feature when using Internet Explorer to reduce the risk of arbitrary code execution.