Bugtraq mailing list archives

RE: Foundstone Research Labs Advisory - Multiple Exploitable Buff er Overflows in Winamp (fwd)

From: "Shutters, Mike" <mshutters () titan com>
Date: Thu, 19 Dec 2002 20:17:23 -0500

I went ahead and installed the latest 2.81, even though it was dated as you
said.  After the install I found a file in the Plugins directory named
IN_MP3.DLL, which is 132K in size and dated December 16, 2002, 1:55 PM.
Perhaps this is the file which created the fix.  Unfortunately, I didn't
check the directory contents prior to updating from 2.80.

Mike

-----Original Message-----
From: David Howe [SMTP:DaveHowe () gmx co uk]
Sent: Thursday, December 19, 2002 9:49 AM
To:   Email List: BugTraq
Subject:      Re: Foundstone Research Labs Advisory - Multiple Exploitable
Buffer Overflows in Winamp (fwd)

at Thursday, December 19, 2002 12:31 AM, Dave Ahmad
<da () securityfocus com> was seen to say:

Solution:
For Winamp 2.81 users
We recommend either upgrading to Winamp 3.0 or redownloading Winamp
2.81 (which has since been fixed) from: http://www.winamp.com

Does anyone have a more direct URL or a MD5 hash of the "safe" file? the
current download of 2.81 is still dated Aug 21 and the current 3.0 dated
8 Aug (on the site - haven't downloaded 3.0. but the internal date on
2.81 is definitely the 21st)
There is also *nothing* about this on the winamp site - its as if it
didn't exist.

Current thread:

RE: Foundstone Research Labs Advisory - Multiple Exploitable Buff er Overflows in Winamp (fwd) Shutters, Mike (Dec 20)
- Re: Foundstone Research Labs Advisory - Multiple Exploitable Buff er Overflows in Winamp (fwd) Mischa Krilov (Dec 20)