[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] Re: [Exploit] Winamp 5.x/3.x Skin File Remote Code Execution Exploit (0day)
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: [Full-Disclosure] Re: [Exploit] Winamp 5.x/3.x Skin File Remote Code Execution Exploit (0day)
- From: No Reply <noreply@xxxxxxxxxxxx>
- Date: Tue, 31 Aug 2004 08:16:00 +0200
Hi!
Anyone successfully exploited this vulnerability on a machine with
Service Pack 2?
I played around a little bit with it yesterday but didnt get it to work.
//David
K-OTik Security Survey wrote:
----------------------------------------------------------------------
K-OTiK Security / Exploits
----------------------------------------------------------------------
2002-2004 K-OTiK.COM © Threat and Security Survey 24h/24 and 7j/7
Backend/XML/RSS - http://www.k-otik.com/rss
----------------------------------------------------------------------
25.08.2004 : Winamp 5.x/3.x Skin File Remote Code Execution Exploit
-----------
K-OTik Security has received since July 22nd several reports from
users who were hacked on IRC. This 0day attack had been used to spread
spyware and trojans, infecting a computer after the victim clicked on
a fake winamp skin web link.
We confirmed this flaw on fully patched systems running the latest
version of Winamp, and reported today this flaw/exploit to avers.
we decided today to make this exploit "public". There is no patch for
this vulnerability -> do NOT use Winamp.
http://www.k-otik.com/exploits/08252004.skinhead.php
----------------------------------------------------------------------
----------------------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html