bugtraq - RE: Winamp 2.91 lets code execution through MIDI files

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [day] [month] [year] [list]

Date: Mon, 8 Sep 2003 15:36:30 -0700
From: "Thor Larholm" <thor@...x.com>
To: "Auriemma Luigi" <aluigi@...x.com>, <bugtraq@...urityfocus.com>
Cc: <vulnwatch@...nwatch.org>, <full-disclosure@...ts.netsys.com>,
   <list@...ield.org>, <support@...telli.com>, <24@...telli.com>,
   <list@...uriteam.com>
Subject: RE: Winamp 2.91 lets code execution through MIDI files

As was the case with Windows Media Player, when you install Winamp the
registry settings for MIDI files are set to automatically open the file
in the associated program. As such, this is also automatically
exploitable through webpages and HTML mail.

Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher

-----Original Message-----
From: Auriemma Luigi 
Sent: Monday, September 08, 2003 12:19 PM
Subject: Winamp 2.91 lets code execution through MIDI files

<snip http://aluigi.altervista.org/adv/winamp-midi-adv.txt>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html