Full Disclosure mailing list archives
RE: Winamp vulnerability : technical study and Exploit released
From: "Todd Towles" <toddtowles () brookshires com>
Date: Wed, 24 Nov 2004 13:21:34 -0600
Nope, that is what this is for... "Only a few employees remain to prop up the once-ubiquitous digital audio player with minor updates, but no further improvements to Winamp are expected." Therefore no big changes but they can fix small things. They tried with 5.0.6 but they will have to try again.
-----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Rich Eicher Sent: Wednesday, November 24, 2004 11:05 AM To: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] Winamp vulnerability : technical study and Exploit released This may have something to do with why there is no patch out from Nullsoft. http://www.betanews.com/article/Death_Knell_Sounds_for_Nullsof t_Winamp/1100111204 On Wed, 24 Nov 2004 07:08:52 -0800 (PST), ElviS .de <elvi52001 () yahoo com> wrote:exploit and technical study of the Winamp flaw posted by k-otik http://www.k-otik.com/exploits/20041124.winampm3u.c.php "..the cdda library only reserves 20 bytes for names when files are .cda, so the stack will be overwritten and exception occurs when a name looks like aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.cda" but still NO patch from Winamp !!! ________________________________ Do you Yahoo!? Yahoo! Mail - You care about security. So do we._______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Winamp vulnerability : technical study and Exploit released Todd Towles (Nov 24)