[19996] in bugtraq
Re: Winamp 2.63 full disclosure exploit
daemon@ATHENA.MIT.EDU (Weiss, Bill)
Mon Apr 2 14:34:12 2001
Mail-Followup-To: BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-ID: <20010402102205.A13069@att.net>
Date: Mon, 2 Apr 2001 10:22:05 -0600
Reply-To: bill_weiss@ATT.NET
From: "Weiss, Bill" <bill_weiss@ATT.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <002601c0bad2$c463d7b0$6943b4d1@r2f2e2>; from
merchantjosh@QWEST.NET on Sun, Apr 01, 2001 at 12:39:55PM -0500
Josh Merchant(merchantjosh@QWEST.NET)@Sun, Apr 01, 2001 at 12:39:55PM -0500:
> > Hi all,
> >
> > I have written a full disclosure buffer overflow
> > exploit for the winamp 2.63 buffer overflow found in
> > the M3U file parser...
>
> [Snip]
>
> Correct me if I'm wrong, but wasn't this issue already discussed back in
> July of 2000? I (admittedly) do not understand all the nuances of a buffer
> overflow, but it seems to me that the posting
>
> http://www.securityfocus.com/archive/1/70933
>
> from the Bugtraq archives deal with the exact same issue.
>
> Also, after checking the whatsnew.txt for Winamp, this security hole was
> patched in version 2.65
>
Just thought I'd throw in what the WinAMP whatsnew.txt says.
Winamp 2.65:
* fix to ex-m3u bug/security hole
