Full Disclosure mailing list archives
Re: [Exploit] Winamp 5.x/3.x Skin File Remote Code Execution Exploit (0day)
From: No Reply <noreply () pewp hack se>
Date: Tue, 31 Aug 2004 08:16:00 +0200
Hi!Anyone successfully exploited this vulnerability on a machine with Service Pack 2?
I played around a little bit with it yesterday but didnt get it to work. //David K-OTik Security Survey wrote:
---------------------------------------------------------------------- K-OTiK Security / Exploits ---------------------------------------------------------------------- 2002-2004 K-OTiK.COM © Threat and Security Survey 24h/24 and 7j/7 Backend/XML/RSS - http://www.k-otik.com/rss ---------------------------------------------------------------------- 25.08.2004 : Winamp 5.x/3.x Skin File Remote Code Execution Exploit-----------K-OTik Security has received since July 22nd several reports from users who were hacked on IRC. This 0day attack had been used to spread spyware and trojans, infecting a computer after the victim clicked on a fake winamp skin web link. We confirmed this flaw on fully patched systems running the latest version of Winamp, and reported today this flaw/exploit to avers. we decided today to make this exploit "public". There is no patch for this vulnerability -> do NOT use Winamp. http://www.k-otik.com/exploits/08252004.skinhead.php ---------------------------------------------------------------------- ----------------------------------------------------------------------
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: [Exploit] Winamp 5.x/3.x Skin File Remote Code Execution Exploit (0day) No Reply (Aug 31)