Bugtraq mailing list archives
RE: Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp (fwd)
From: "Richard Stanway" <null@127.0.0.1>
Date: Thu, 19 Dec 2002 20:25:09 -0000
at Thursday, December 19, 2002 12:31 AM, Dave Ahmad <da () securityfocus com> was seen to say:Solution: For Winamp 2.81 users We recommend either upgrading to Winamp 3.0 or redownloading Winamp 2.81 (which has since been fixed) from: http://www.winamp.comDoes anyone have a more direct URL or a MD5 hash of the "safe" file? the current download of 2.81 is still dated Aug 21 and the current 3.0 dated 8 Aug (on the site - haven't downloaded 3.0. but the internal date on 2.81 is definitely the 21st) There is also *nothing* about this on the winamp site - its as if it didn't exist.
I'm not sure about version 3, but 2.81: sha1 of old_winamp281_std.exe: EA1B5C4D1C3385ECECF912F97FBA9119921711F3 sha1 of winamp281_std.exe: 043F3B966E5A04A54B868A92A96543FEDB45D035 The file on the site is different to the one I downloaded a few weeks ago. After installing it, the winamp.exe is identical, but the in_mp3.dll plugin has changed and the listed version is "2.81b" instead of "2.81". The SHA1 of the new in_mp3.dll is 6526FD310031AF47B89FC43F2552C0D51CA7D433. Richard Stanway http://www.r1ch.net/
Current thread:
- Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp (fwd) Dave Ahmad (Dec 18)
- Re: Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp (fwd) David Howe (Dec 19)
- RE: Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp (fwd) Richard Stanway (Dec 21)
- RE: Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp (fwd) Russell Garrett (Dec 21)
- Re: Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp (fwd) David Howe (Dec 19)