[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Winamp vulnerability : technical study and Exploit released

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] Winamp vulnerability : technical study and Exploit released
From: "ElviS .de" <elvi52001@xxxxxxxxx>
Date: Wed, 24 Nov 2004 07:08:52 -0800 (PST)

exploit and technical study of the Winamp flaw posted by k-otik
 
http://www.k-otik.com/exploits/20041124.winampm3u.c.php  
"..the cdda library only reserves 20 bytes for names when files are .cda, so 
the stack will be overwritten and exception occurs when a name looks like 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.cda"
 
but still NO patch from Winamp !!!


                
---------------------------------
Do you Yahoo!?
 Yahoo! Mail - You care about security. So do we.

Follow-Ups:
- Re: [Full-Disclosure] Winamp vulnerability : technical study and Exploit released
  - From: Rich Eicher

Prev by Date: Re: [Full-Disclosure] previledge password in cisco routers
Next by Date: RE: [Full-Disclosure] previledge password in cisco routers
Previous by thread: [Full-Disclosure] [SECURITY] [DSA 596-1] New sudo packages fix privilege escalation
Next by thread: Re: [Full-Disclosure] Winamp vulnerability : technical study and Exploit released
Index(es):
- Date
- Thread