Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

WinAmp Security Hole Deepens


  • Please log in to reply
1 reply to this topic

#1 Scarlett

Scarlett

    Bleeping Diva


  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:03:50 AM

Posted 29 November 2004 - 09:45 AM

Patched version still open and exploit code is circulating.By Matthew Broersma, Techworld A serious security flaw reported this week in WinAmp is still unpatched, contrary to the vendor's assurances, according to the researcher who discovered the vulnerability. What's more, exploit code taking advantage of the flaw has begun circulating on the Internet, making attacks simpler to carry out, said security experts "It appears that the 'patched' version 5.05 does not fix the buffer overflow issue that we notified Nullsoft about," said Brett Moore, chief technical officer of Security-Assessment.com, in an email to the Bugtraq security mailing list on Wednesday. "We have sent Nullsoft a copy of this email, and hope that they can remedy this problem quickly." Nullsoft did not immediately respond to Techworld's request for comment.
Posted Image

BC AdBot (Login to Remove)

 


#2 raw

raw

    Bleeping Hacker


  • Members
  • 2,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:03:50 AM

Posted 30 November 2004 - 01:55 PM

The 5.06 patch did NOT fix this issue either.

In-Reply-To: <BAY101-F277D543B4547323CCB31D8A9BA0 phx gbl>


Winamp 5.06 is also vulnerable and exploitable...thus this flaw is still unpatched.

you can test it using this code :
http://www.k-otik.com/exploits/20041124.winampm3u.c.php

Regards
K-OTik Security Research & Monitoring Team 24/7
http://www.k-otik.com


rawsig.png

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users