Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] Re: [Exploit] Winamp 5.x/3.x Skin File Remote Code Exe

from [No Reply] Network Security [Permanent Link]
Subject: [Full-Disclosure] Re: [Exploit] Winamp 5.x/3.x Skin File Remote Code Execution Exploit (0day)
Date: Tue, 31 Aug 2004 08:16:00 +0200 
Hi!

Anyone successfully exploited this vulnerability on a machine with Service Pack 2?
I played around a little bit with it yesterday but didnt get it to work.

//David


K-OTik Security Survey wrote:

----------------------------------------------------------------------

                     K-OTiK Security / Exploits

----------------------------------------------------------------------

 2002-2004 K-OTiK.COM © Threat and Security Survey 24h/24 and 7j/7

          Backend/XML/RSS - http://www.k-otik.com/rss

----------------------------------------------------------------------



25.08.2004 : Winamp 5.x/3.x Skin File Remote Code Execution Exploit

----------- 



K-OTik Security has received since July 22nd several reports from

users who were hacked on IRC. This 0day attack had been used to spread

spyware and trojans, infecting a computer after the victim clicked on

a fake winamp skin web link.



We confirmed this flaw on fully patched systems running the latest

version of Winamp, and reported today this flaw/exploit to avers.



we decided today to make this exploit "public". There is no patch for

this vulnerability -> do NOT use Winamp.



http://www.k-otik.com/exploits/08252004.skinhead.php



----------------------------------------------------------------------

----------------------------------------------------------------------



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-Disclosure] Re: [Exploit] Winamp 5.x/3.x Skin File Remote Code Execution Exploit (0day), No Reply <=
Previous by Date:  Re: [Full-Disclosure] Viral infection via Serial Cable, James Tucker
Next by Date:  [Full-Disclosure] Open Source Vulnerability Database Opens Vendor Dictionary, Jake
Previous by Thread:  [Full-Disclosure] [SECURITY] [DSA 458-2] New python2.2 packages really fix buffer overflow, debian-security-announce
Next by Thread:  [Full-Disclosure] Open Source Vulnerability Database Opens Vendor Dictionary, Jake
Indexes:  [Date] [Thread] [Top] [All Lists]