[Full-Disclosure] Re: [Exploit] Winamp 5.x/3.x Skin File Remote Code Execution Exploit (0day)

From: No Reply (noreply_at_pewp.hack.se)
Date: 08/31/04

  • Next message: debian-security-announce_at_lists.debian.org: "[Full-Disclosure] [SECURITY] [DSA 458-2] New python2.2 packages really fix buffer overflow" 
    To: full-disclosure@lists.netsys.com
Date: Tue, 31 Aug 2004 08:16:00 +0200

    Hi!

    Anyone successfully exploited this vulnerability on a machine with
    Service Pack 2?
    I played around a little bit with it yesterday but didnt get it to work.

    //David

    K-OTik Security Survey wrote:

    >----------------------------------------------------------------------
    >
    > K-OTiK Security / Exploits
    >
    >----------------------------------------------------------------------
    >
    > 2002-2004 K-OTiK.COM © Threat and Security Survey 24h/24 and 7j/7
    >
    > Backend/XML/RSS - http://www.k-otik.com/rss
    >
    >----------------------------------------------------------------------
    >
    >
    >
    >25.08.2004 : Winamp 5.x/3.x Skin File Remote Code Execution Exploit
    >
    >-----------
    >
    >
    >
    >K-OTik Security has received since July 22nd several reports from
    >
    >users who were hacked on IRC. This 0day attack had been used to spread
    >
    >spyware and trojans, infecting a computer after the victim clicked on
    >
    >a fake winamp skin web link.
    >
    >
    >
    >We confirmed this flaw on fully patched systems running the latest
    >
    >version of Winamp, and reported today this flaw/exploit to avers.
    >
    >
    >
    >we decided today to make this exploit "public". There is no patch for
    >
    >this vulnerability -> do NOT use Winamp.
    >
    >
    >
    >http://www.k-otik.com/exploits/08252004.skinhead.php
    >
    >
    >
    >----------------------------------------------------------------------
    >
    >----------------------------------------------------------------------
    >
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: debian-security-announce_at_lists.debian.org: "[Full-Disclosure] [SECURITY] [DSA 458-2] New python2.2 packages really fix buffer overflow"

    Relevant Pages

    • Re: Why is Service Pack 3 causing issues with reports in my database?
      ... begins crashing for no reason when we attempt to open some reports. ... This is an issue with Service Pack 3, ... The Service Pack 3 update information didn't even mention any ... and ended up crashing when I tried to save the new report.. ...
      (microsoft.public.access.adp.sqlserver)
    • Re: Crosstab query - data lost
      ... I tried your reports, but they didnt show any differences. ... >> FROM TimeCostCalcs INNER JOIN tlkpJobCode ... >> FROM TimeCostCalcs INNER JOIN tlkpJobCode ON ...
      (microsoft.public.access.queries)
    • Re: Why is Service Pack 3 causing issues with reports in my database?
      ... After installing Service Pack 3 for Microsoft Office 2003, ... begins crashing for no reason when we attempt to open some reports. ... and ended up crashing when I tried to save the new report.. ... What properties do non-working rpts share ...
      (microsoft.public.access.modulesdaovba)
    • Why is Service Pack 3 causing issues with reports in my database?
      ... After installing Service Pack 3 for Microsoft Office 2003, ... begins crashing for no reason when we attempt to open some reports. ... and ended up crashing when I tried to save the new report.. ...
      (microsoft.public.access.adp.sqlserver)
    • Re: Any way to ID a cpu?
      ... It reports it as a 2400+. ... I tried it but it says it's based on the CPUID engine in the ... If I lower the FSB to 100 it ID's as an 1800+. ... I didnt think any of the XP class of cpu's ran at 100 but I ...
      (alt.comp.periphs.mainboard.asus)