RE: Winamp vulnerability : technical study and Exploit released

["Todd Towles" <toddtowles () brookshires com>]

Nope, that is what this is for... "Only a few employees remain to prop
up the once-ubiquitous digital audio player with minor updates, but no
further improvements to Winamp are expected."

Therefore no big changes but they can fix small things. They tried with
5.0.6 but they will have to try again. 


> -----Original Message-----
> From: full-disclosure-admin () lists netsys com 
> [mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
> Rich Eicher
> Sent: Wednesday, November 24, 2004 11:05 AM
> To: full-disclosure () lists netsys com
> Subject: Re: [Full-disclosure] Winamp vulnerability : 
> technical study and Exploit released
>
> This may have something to do with why there is no patch out 
> from Nullsoft.
>
> http://www.betanews.com/article/Death_Knell_Sounds_for_Nullsof
> t_Winamp/1100111204
>
>
> On Wed, 24 Nov 2004 07:08:52 -0800 (PST), ElviS .de 
> <elvi52001 () yahoo com> wrote:
> >  
> > exploit and technical study of the Winamp flaw posted by k-otik  
> > http://www.k-otik.com/exploits/20041124.winampm3u.c.php
> >   
> > "..the cdda library only reserves 20 bytes for names when files are 
> > .cda, so the stack will be overwritten and exception occurs when a 
> > name looks like aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.cda"
> >   
> > but still NO patch from Winamp !!!
> >
> >  ________________________________
> > Do you Yahoo!?
> >  Yahoo! Mail - You care about security. So do we. 
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html