[NT] CSS Bug in Winamp
From: support@securiteam.comDate: 08/10/02
- Previous message: support@securiteam.com: "[UNIX] iSCSI Default Configuration File Settings"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Sat, 10 Aug 2002 23:10:16 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
CSS Bug in Winamp
------------------------------------------------------------------------
SUMMARY
ID3v2 tag in MP3 file contains the information about MP3 file (artist,
title, album, comment, etc.). Winamp supports the creation of an HTML play
list from a Winamp play list. During the process of generating this HTML
file, the only information written will be the 'artist' and 'title'
section of ID3v2 tag. In 'artist' and 'title' section, arbitrary CSS code
can be placed. This arbitrary code can be caused to execute once the HTML
play list is viewed by the user.
DETAILS
Vulnerable systems:
* Winamp version 2.76
* Winamp version 2.79
Example:
Open 'view file info' on some MP3 file (read only flag on that file must
be removed), and edit ID3v2 tag. Put some text in 'artist' section. Then
insert some blank space characters (around 100) followed by your CSS code
(that will be executed once the 'title' section is viewed).
ADDITIONAL INFORMATION
The information has been provided by <mailto:downbload@hotmail.com>
DownBload.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[UNIX] iSCSI Default Configuration File Settings"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- RETRY : newly released winamp 3 fails to address serious "execution of arbitrary" code iss
... newly released winamp 3 fails to address serious "execution of ... > For
those of you who have been living under a rock winamp 3 final was ... > Then look for
the body section of this html document (it looks a little ... > delete everything between
the body tags and place an object tag in its ... (Bugtraq) - [NT] WinAMP 3 Allows Execution of Arbitrary Code
... The new WinAMP 3 fails to address a serious arbitrary code execution ...
Then look for the body section of this HTML document (it looks a little ... Files starting
with an tag are always seen as ... (Securiteam) - Re: CSS font settings
... can be used for them to drop in their text and graphics, ... quite a few font
problems. ... are using simple HTML and dropping some text into tables. ...
not the HTML and CSS code to format it. ... (comp.infosystems.www.authoring.html) - Re: CSS bug in Winamp
... > Advisory name: CSS bug in Winamp ... CSS execution during
generation of html ... (Bugtraq) - Re: Old HTML?
... The use of css code is recommended but ... presentation from content is certainly
a technical advantage. ... you may want to learn HTML before trying to teach it.
... Web Hosting by West Virginians, ... (alt.html)
