[<prev] [next>] [day] [month] [year] [list]
Message-ID: <413417A0.8010307@pewp.hack.se>
From: noreply at pewp.hack.se (No Reply)
Subject: Re: [Exploit] Winamp 5.x/3.x Skin File Remote Code Execution Exploit
(0day)
Hi!
Anyone successfully exploited this vulnerability on a machine with
Service Pack 2?
I played around a little bit with it yesterday but didnt get it to work.
//David
K-OTik Security Survey wrote:
>----------------------------------------------------------------------
>
> K-OTiK Security / Exploits
>
>----------------------------------------------------------------------
>
> 2002-2004 K-OTiK.COM ? Threat and Security Survey 24h/24 and 7j/7
>
> Backend/XML/RSS - http://www.k-otik.com/rss
>
>----------------------------------------------------------------------
>
>
>
>25.08.2004 : Winamp 5.x/3.x Skin File Remote Code Execution Exploit
>
>-----------
>
>
>
>K-OTik Security has received since July 22nd several reports from
>
>users who were hacked on IRC. This 0day attack had been used to spread
>
>spyware and trojans, infecting a computer after the victim clicked on
>
>a fake winamp skin web link.
>
>
>
>We confirmed this flaw on fully patched systems running the latest
>
>version of Winamp, and reported today this flaw/exploit to avers.
>
>
>
>we decided today to make this exploit "public". There is no patch for
>
>this vulnerability -> do NOT use Winamp.
>
>
>
>http://www.k-otik.com/exploits/08252004.skinhead.php
>
>
>
>----------------------------------------------------------------------
>
>----------------------------------------------------------------------
>
>
Powered by blists - more mailing lists