[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <43DE2A00.8090106@rootonfire.org>
Date: Mon, 30 Jan 2006 16:00:16 +0100
From: Process <processtree@...tonfire.org>
To: bugtraq@...urityfocus.com
Subject: Winamp 5.12 - 0day exploit - code execution through playlist
The current version of winamp contains an error in its playlist parsing allowing malicious users to
execute code via a prepared playlist.
This bug can even be triggered through a website - without user interaction - by linking to a pls
file in an IFRAME tag.
Windows DEP (Data Execution Prevention) will stop this bug. If you dont have DEP its strongly
advised to delete Winamp until a non vulnerable version is released.
More information (in german, babelfish is your friend :) at http://www.heise.de/newsticker/meldung/68981
Greets,
carol
<a href="http://www.tarifchecks.de/">http://www.tarifchecks.de/</a>
<a href="http://autoversicherung.einsurance.de/">http://autoversicherung.einsurance.de/</a>
Powered by blists - more mailing lists