Winamp 5.12 - 0day exploit - code execution through playlist
- From: Process <processtree@xxxxxxxxxxxxxx>
- Date: Mon, 30 Jan 2006 16:00:16 +0100
The current version of winamp contains an error in its playlist parsing allowing malicious users to
execute code via a prepared playlist.
This bug can even be triggered through a website - without user interaction - by linking to a pls
file in an IFRAME tag.
Windows DEP (Data Execution Prevention) will stop this bug. If you dont have DEP its strongly
advised to delete Winamp until a non vulnerable version is released.
More information (in german, babelfish is your friend :) at http://www.heise.de/newsticker/meldung/68981
Greets,
carol
<a href="http://www.tarifchecks.de/";>http://www.tarifchecks.de/</a>
<a href="http://autoversicherung.einsurance.de/";>http://autoversicherung.einsurance.de/</a>
- Follow-Ups:
- Re: Winamp 5.12 - 0day exploit - code execution through playlist
- From: Chris Wysopal
- Re: Winamp 5.12 - 0day exploit - code execution through playlist
- Prev by Date: Re: BlackWorm naming confusing [CME entry now available]
- Next by Date: [ GLSA 200601-15 ] Paros: Default administrator password
- Previous by thread: UebiMiau Webmail System Security Vulnerability
- Next by thread: Re: Winamp 5.12 - 0day exploit - code execution through playlist
- Index(es):
