Bugtraq mailing list archives

Re: Winamp: Mp3 file can control the minibrowser


From: Andreas Sandblad <sandblad () acc umu se>
Date: Wed, 3 Apr 2002 21:02:31 +0200 (CEST)

Hi Daniel Lorch and the rest of Bugtraq,

it seems like Winamp staff just fixed the problem at server level to
correctly filter out/convert html tags. Nice to see they so quickly
addressed the problem. Less than 30 minutes? I want to thank
  Wolfgang Schemmel
  MfG thE_iNviNciblE
for confirming the vulnerability and giving info.

Daniel Lorch, I am very curious about the "ID3v1 URL Comment support" you
are talking about. Can you show that it's still a feature in Winamp?
According to some sites I searched the feature is achieved by adding:
"!/URL" or "^/URL" in the comment field of the ID3v1 tag. Am I wrong? But
it didn't work for me. If it should work I think it is a very dangerous
feature. Especially given all the vulnerabilities in IE recently. (cookie
bug etc...)

Sincerely,
Andreas Sandblad

On Wed, 3 Apr 2002, Daniel Lorch wrote:

Hi,

Title:      Winamp: Mp3 file can control the minibrowser
Date:       [2002-04-3]

Actually, this is meant to be a feature. Starting from version 2.10
winamp has a "ID3v1 URL Comment support":

  http://www.winamp.com/download/newfeatures.jhtml

This basically requires you to put a certain prefix + URL in the ID3v1
comment field which will automatically redirect the minibrowser to
this site.

I wouldn't call this a "bug" as it only applies as long as the
minibrowser is *visible*. Most people anyway automatically switch it off
as it is quite disturbing.

Kind Regards,
  Daniel Lorch
  http://daniel.lorch.cc/



-- 
    _     _
  o' \,=./ `o
     (o o)
-ooO--(_)--Ooo-
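
Added example, not part of the original posts and not Winamp code: a Python check that reads a file's ID3v1 tag and flags a comment field carrying a URL, or any text field carrying HTML markup characters, the two things discussed in the thread above. The `!/` and `^/` prefixes are taken from the message as quoted and are unverified; the function names and sample bytes are constructed for illustration.

```python
import re

# ID3v1: the last 128 bytes of the file, "TAG" followed by fixed-width fields.
FIELDS = (("title", 3, 33), ("artist", 33, 63), ("album", 63, 93),
          ("year", 93, 97), ("comment", 97, 127))
# Prefixes as quoted in the thread ("!/URL", "^/URL"); an unverified assumption.
URL_PREFIXES = ("!/", "^/")
URL_RE = re.compile(r"(?i)\b(?:https?://|ftp://|www\.)\S+")
MARKUP_RE = re.compile(r"[<>]")


def parse_id3v1(data: bytes):
    """Return the ID3v1 text fields of an MP3 byte string, or None if no tag."""
    tag = data[-128:]
    if len(tag) < 128 or tag[:3] != b"TAG":
        return None
    fields = {}
    for name, start, end in FIELDS:
        raw = tag[start:end].split(b"\x00", 1)[0]  # drop NUL padding / v1.1 track
        fields[name] = raw.decode("latin-1").rstrip()  # drop space padding
    return fields


def audit_tag(data: bytes):
    """Return (field, reason) findings for content a tag display might act on."""
    fields = parse_id3v1(data)
    if fields is None:
        return []
    findings = [(name, "markup characters")
                for name, value in fields.items() if MARKUP_RE.search(value)]
    comment = fields["comment"]
    if comment.startswith(URL_PREFIXES):
        findings.append(("comment", "URL prefix"))
    elif URL_RE.search(comment):
        findings.append(("comment", "embedded URL"))
    return findings


def build_sample(title: str, comment: str) -> bytes:
    """Constructed input: placeholder audio bytes followed by an ID3v1 tag."""
    def pad(text, width):
        return text.encode("latin-1")[:width].ljust(width, b"\x00")
    tag = (b"TAG" + pad(title, 30) + pad("artist", 30) + pad("album", 30)
           + b"2002" + pad(comment, 30) + b"\xff")
    return b"\xff\xfb" + b"\x00" * 64 + tag


if __name__ == "__main__":
    print(audit_tag(build_sample("Song", "!/http://example.invalid/")))
```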

