Full Disclosure mailing list archives

Re: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]
From: "Berend-Jan Wever" <skylined () edup tudelft nl>
Date: Wed, 24 Nov 2004 11:42:02 +0100

Version 2.91 is not vulnerable, does not include crappy CPU consuming useless features and plays mp3's like any other version.

Cheers,
SkyLined

----- Original Message ----- 
From: "Brett Moore" <brett.moore () security-assessment com>
To: "Full-Disclosure () Lists  Netsys. Com" <full-disclosure () lists netsys com>
Sent: Wednesday, November 24, 2004 04:05
Subject: [Full-disclosure] Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]


========================================================================
= Winamp - Buffer Overflow In IN_CDDA.dll
=
= Affected Software:
=       Winamp 5.05, 5.06
=
= Public disclosure on November 24, 2004
========================================================================

== Overview ==

Hate to be the bearer of bad news.

It appears that the 'patched' version 5.05 does NOT fix the buffer overflow
issue that we notified Nullsoft about. This is obviously not good. 

As we wrote in our advisory we were notified by email that the issue had
been fixed and an update posted to the website. 

We have sent Nullsoft a copy of this email, and hope that they can remedy
this problem quickly. Unfortunately, this may not be the case as was
pointed out to me by somebody.

== Solutions ==

- Disassociate .cda and .m3u extensions from Winamp
- Wait for an update

Brett Moore
Network Intrusion Specialist, CTO
Security-Assessment.com  



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



