Bugtraq mailing list archives
Winamp 5.12 - 0day exploit - code execution through playlist
From: Process <processtree () rootonfire org>
Date: Mon, 30 Jan 2006 16:00:16 +0100
The current version of winamp contains an error in its playlist parsing allowing malicious users to execute code via a prepared playlist. This bug can even be triggered through a website - without user interaction - by linking to a pls file in an IFRAME tag. Windows DEP (Data Execution Prevention) will stop this bug. If you dont have DEP its strongly advised to delete Winamp until a non vulnerable version is released. More information (in german, babelfish is your friend :) at http://www.heise.de/newsticker/meldung/68981 Greets, carol <a href="http://www.tarifchecks.de/">http://www.tarifchecks.de/</a> <a href="http://autoversicherung.einsurance.de/">http://autoversicherung.einsurance.de/</a>
Current thread:
- Winamp 5.12 - 0day exploit - code execution through playlist Process (Jan 30)
- Re: Winamp 5.12 - 0day exploit - code execution through playlist Chris Wysopal (Jan 30)
- <Possible follow-ups>
- Re: Re: Winamp 5.12 - 0day exploit - code execution through playlist Juha-Matti Laurio (Jan 31)