Message-ID: <BAY101-F277D543B4547323CCB31D8A9BA0@phx.gbl>
Date: Fri, 26 Nov 2004 10:49:40 +0000
From: "alex cottle" <eddie5659@...mail.com>
To: brett.moore@...urity-assessment.com, bugtraq@...urityfocus.com
Subject: RE: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]
Dear Brett
I've noticed that you say this is for version 5.05. Just looked at Winamp's
site, and they have a 5.06 version out. Is this one vulnerable as well?
Kind Regards
Alex Cottle
>From: "Brett Moore" <brett.moore@...urity-assessment.com>
>Reply-To: <brett.moore@...urity-assessment.com>
>To: "Bugtraq@...urityfocus. Com" <bugtraq@...urityfocus.com>
>Subject: Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]
>Date: Wed, 24 Nov 2004 16:05:46 +1300
>
>========================================================================
>= Winamp - Buffer Overflow In IN_CDDA.dll
>=
>= Affected Software:
>= Winamp 5.05, 5.06
>=
>= Public disclosure on November 24, 2004
>========================================================================
>
>== Overview ==
>
>Hate to be the bearer of bad news.
>
>It appears that the 'patched' version 5.05 does NOT fix the buffer overflow
>issue that we notified Nullsoft about. This is obviously not good.
>
>As we wrote in our advisory we were notified by email that the issue had
>been fixed and an update posted to the website.
>
>We have sent Nullsoft a copy of this email, and hope that they can remedy
>this problem quickly. Unfortunately, this may not be the case as was
>pointed out to me by somebody.
>
>== Solutions ==
>
>- Disassociate .cda and .m3u extensions from winamp
>- Wait for an update
>
>Brett Moore
>Network Intrusion Specialist, CTO
>Security-Assessment.com