Network Security: Detailed info on Winamp 5.12 - 0day exploit

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Vuln-Dev

[Top] [All Lists]

Winamp 5.12 - 0day exploit - code execution through playlist

from [Process] Network Security

[Permanent Link]

Subject:	Winamp 5.12 - 0day exploit - code execution through playlist
Date:	Mon, 30 Jan 2006 16:00:16 +0100

The current version of winamp contains an error in its playlist parsing 
allowing malicious users to
execute code via a prepared playlist.

This bug can even be triggered through a website - without user interaction - 
by linking to a pls
file in an IFRAME tag.

Windows DEP (Data Execution Prevention) will stop this bug. If you dont have 
DEP its strongly
advised to delete Winamp until a non vulnerable version is released.

More information (in german, babelfish is your friend :) at 
http://www.heise.de/newsticker/meldung/68981


Greets,
carol

<a href="http://www.tarifchecks.de/";>http://www.tarifchecks.de/</a>
<a 
href="http://autoversicherung.einsurance.de/";>http://autoversicherung.einsurance.de/</a>

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Winamp 5.12 - 0day exploit - code execution through playlist, Process <= Re: Winamp 5.12 - 0day exploit - code execution through playlist, Chris Wysopal Re: Re: Winamp 5.12 - 0day exploit - code execution through playlist, Juha-Matti Laurio

Previous by Date:	Arescom NetDSL-1000 DoS atack source, framirez
Next by Date:	sPaiz-Nuke Cross-Site Scripting Vulnerability, [at]
Previous by Thread:	Arescom NetDSL-1000 DoS atack source, framirez
Next by Thread:	Re: Winamp 5.12 - 0day exploit - code execution through playlist, Chris Wysopal
Indexes:	[Date] [Thread] [Top] [All Lists]