<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: Winamp 5.12 - 0day exploit - code execution through playlist

Winamp 5.12 - 0day exploit - code execution through playlist

From: Process <processtree_at_rootonfire.org>
Date: Mon, 30 Jan 2006 16:00:16 +0100

The current version of winamp contains an error in its playlist parsing allowing malicious users to
execute code via a prepared playlist.

This bug can even be triggered through a website - without user interaction - by linking to a pls
file in an IFRAME tag.

Windows DEP (Data Execution Prevention) will stop this bug. If you dont have DEP its strongly
advised to delete Winamp until a non vulnerable version is released.

More information (in german, babelfish is your friend :) at http://www.heise.de/newsticker/meldung/68981

Greets,
carol

<a href="http://www.tarifchecks.de/">http://www.tarifchecks.de/</a>
<a href="http://autoversicherung.einsurance.de/">http://autoversicherung.einsurance.de/</a>
Received on Jan 30 2006

This message: [ Message body ]
Next message: night_warrior771_at_securityfocus.com,: "sPaiz-Nuke Cross-Site Scripting Vulnerability"
Previous message: framirez_at_akori.fr: "Arescom NetDSL-1000 DoS atack source"
Next in thread: Chris Wysopal: "Re: Winamp 5.12 - 0day exploit - code execution through playlist"
Reply: Chris Wysopal: "Re: Winamp 5.12 - 0day exploit - code execution through playlist"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]