[19987] in bugtraq
Re: Winamp 2.63 full disclosure exploit
daemon@ATHENA.MIT.EDU (Josh Merchant)
Mon Apr 2 00:28:15 2001
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: <002601c0bad2$c463d7b0$6943b4d1@r2f2e2>
Date: Sun, 1 Apr 2001 12:39:55 -0500
Reply-To: Josh Merchant <merchantjosh@QWEST.NET>
From: Josh Merchant <merchantjosh@QWEST.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
> Hi all,
>
> I have written a full disclosure buffer overflow
> exploit for the winamp 2.63 buffer overflow found in
> the M3U file parser...
[Snip]
Correct me if I'm wrong, but wasn't this issue already discussed back in
July of 2000? I (admittedly) do not understand all the nuances of a buffer
overflow, but it seems to me that the posting
http://www.securityfocus.com/archive/1/70933
from the Bugtraq archives deal with the exact same issue.
Also, after checking the whatsnew.txt for Winamp, this security hole was
patched in version 2.65
DKG/CTC
