Re: [Full-Disclosure] Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]
- To: <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]
- From: "Berend-Jan Wever" <skylined@xxxxxxxxxxxxxxx>
- Date: Wed, 24 Nov 2004 11:42:02 +0100
Version 2.91 is not vulnerable, does not include crappy CPU consuming useless
features and plays mp3's like any other version.
Cheers,
SkyLined
----- Original Message -----
From: "Brett Moore" <brett.moore@xxxxxxxxxxxxxxxxxxxxxxx>
To: "Full-Disclosure@Lists. Netsys. Com" <full-disclosure@xxxxxxxxxxxxxxxx>
Sent: Wednesday, November 24, 2004 04:05
Subject: [Full-Disclosure] Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]
> ========================================================================
> = Winamp - Buffer Overflow In IN_CDDA.dll
> =
> = Affected Software:
> = Winamp 5.05, 5.06
> =
> = Public disclosure on November 24, 2004
> ========================================================================
>
> == Overview ==
>
> Hate to be the bearer of bad news.
>
> It appears that the 'patched' version 5.05 does NOT fix the buffer overflow
> issue that we notified Nullsoft about. This is obviously not good.
>
> As we wrote in our advisory we were notified by email that the issue had
> been fixed and an update posted to the website.
>
> We have sent Nullsoft a copy of this email, and hope that they can remedy
> this problem quickly. Unfortunately, this may not be the case as was
> pointed out to me by somebody.
>
> == Solutions ==
>
> - Disassociate .cda and .m3u extensions from Winamp
> - Wait for an update
>
> Brett Moore
> Network Intrusion Specialist, CTO
> Security-Assessment.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html