Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]

from [alex cottle] Network Security [Permanent Link]
Subject: RE: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]
Date: Fri, 26 Nov 2004 10:49:40 +0000 
Dear Brett

I've noticed that you say this is for version 5.05. Just looked at Winamp's site, and they have a 5.06 version out. Is this one vunerable as well?

Kind Regards

Alex Cottle


From: "Brett Moore" <brett.moore@security-assessment.com>
Reply-To: <brett.moore@security-assessment.com>
To: "Bugtraq@Securityfocus. Com" <bugtraq@securityfocus.com>
Subject: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]
Date: Wed, 24 Nov 2004 16:05:46 +1300

========================================================================
= Winamp - Buffer Overflow In IN_CDDA.dll
=
= Affected Software:
=       Winamp 5.05, 5.06
=
= Public disclosure on November 24, 2004
========================================================================

== Overview ==

Hate to be the bearer of bad news.

It appears that the 'patched' version 5.05 does NOT fix the buffer overflow
issue that we notified Nullsoft about. This is obviously not good.

As we wrote in our advisory we were notified by email that the issue had
been fixed and an update posted to the website.

We have sent Nullsoft a copy of this email, and hope that they can remedy
this problem quickly. Unfortunately, this may not be the case as was
pointed out to me by somebody.

== Solutions ==

- Disassociate .cda and .m3u extensions from winamp
- Wait for an update

Brett Moore
Network Intrusion Specialist, CTO
Security-Assessment.com


######################################################################
CONFIDENTIALITY NOTICE:

This message and any attachment(s) are confidential and proprietary.
They may also be privileged or otherwise protected from disclosure. If
you are not the intended recipient, advise the sender and delete this
message and any attachment from your system. If you are not the
intended recipient, you are not authorised to use or copy this message
or attachment or disclose the contents to any other person. Views
expressed are not necessarily endorsed by Security-Assessment.com
Limited. Please note that this communication does not designate an
information system for the purposes of the New Zealand Electronic
Transactions Act 2003.
######################################################################


[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: STG Security Advisory: [SSA-20041122-12] Zwiki XSS vulnerability, Chris Withers
Next by Date:  Re: Atari800 - local root. (fwd), Petr Stehlik
Previous by Thread:  Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched], Brett Moore
Next by Thread:  Re: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched], K-OTiK Security
Indexes:  [Date] [Thread] [Top] [All Lists]