Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Winamp vulnerability : technical study and Exploit released
From: "Todd Towles" <toddtowles () brookshires com>
Date: Wed, 24 Nov 2004 13:21:34 -0600

Nope, that is what this is for... "Only a few employees remain to prop
up the once-ubiquitous digital audio player with minor updates, but no
further improvements to Winamp are expected."

Therefore no big changes but they can fix small things. They tried with
5.0.6 but they will have to try again. 


-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
Rich Eicher
Sent: Wednesday, November 24, 2004 11:05 AM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Winamp vulnerability : 
technical study and Exploit released

This may have something to do with why there is no patch out 
from Nullsoft.

http://www.betanews.com/article/Death_Knell_Sounds_for_Nullsof
t_Winamp/1100111204


On Wed, 24 Nov 2004 07:08:52 -0800 (PST), ElviS .de 
<elvi52001 () yahoo com> wrote:

 
exploit and technical study of the Winamp flaw posted by k-otik  
http://www.k-otik.com/exploits/20041124.winampm3u.c.php
  
"..the cdda library only reserves 20 bytes for names when files are 
.cda, so the stack will be overwritten and exception occurs when a 
name looks like aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.cda"
  
but still NO patch from Winamp !!!

 ________________________________
Do you Yahoo!?
 Yahoo! Mail - You care about security. So do we. 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • RE: Winamp vulnerability : technical study and Exploit released Todd Towles (Nov 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault