[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 8 Sep 2003 15:36:30 -0700
From: "Thor Larholm" <thor@...x.com>
To: "Auriemma Luigi" <aluigi@...x.com>, <bugtraq@...urityfocus.com>
Cc: <vulnwatch@...nwatch.org>, <full-disclosure@...ts.netsys.com>,
<list@...ield.org>, <support@...telli.com>, <24@...telli.com>,
<list@...uriteam.com>
Subject: RE: Winamp 2.91 lets code execution through MIDI files
As was the case with Windows Media Player, when you install Winamp the
registry settings for MIDI files are set to automatically open the file
in the associated program. As such, this is also automatically
exploitable through webpages and HTML mail.
Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher
-----Original Message-----
From: Auriemma Luigi
Sent: Monday, September 08, 2003 12:19 PM
Subject: Winamp 2.91 lets code execution through MIDI files
<snip http://aluigi.altervista.org/adv/winamp-midi-adv.txt>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists