[24962] in bugtraq
Re: Winamp: Mp3 file can control the minibrowser
daemon@ATHENA.MIT.EDU (Andreas Sandblad)
Thu Apr 4 00:52:27 2002
Date: Wed, 3 Apr 2002 21:02:31 +0200 (CEST)
From: Andreas Sandblad <sandblad@acc.umu.se>
To: Daniel Lorch <daniel@lorch.cc>
Cc: bugtraq@securityfocus.com
In-Reply-To: <159919812.20020403194309@lorch.cc>
Message-ID: <Pine.LNX.4.44.0204032056270.32024-100000@mao.acc.umu.se>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Hi Daniel Lorch and the rest of Bugtraq,
it seems like Winamp staff just fixed the problem at server level to
correctly
filter out/convert html tags. Nice to see they so quickly adressed the
problem. Less than 30 minutes? I want to thank
Wolfgang Schemmel
MfG thE_iNviNciblE
for confirming the vulnerability and giving info.
Daniel Lorch, I am very curious about the "ID3v1 URL Comment support" you
are talking about. Can you show that it's still a feature in Winamp?
According to some sites I searched the feature is achieved by adding:
"!/URL" or "^/URL" in the comment field of the ID3v1 tag. Am I wrong? But
it didn't
work for me. If it should work I think it is a very dangerous feature.
Specially given all the vulnerabilites in IE recently. (cookie bug etc...)
Sincerely,
Andreas Sandblad
On Wed, 3 Apr 2002, Daniel Lorch wrote:
> Hi,
>
> > Title: Winamp: Mp3 file can control the minibrowser
> > Date: [2002-04-3]
>
> Actually, this is meant to be a feature. Starting from version 2.10
> winamp has a "ID3v1 URL Comment support":
>
> http://www.winamp.com/download/newfeatures.jhtml
>
> This basically requires you to put a certain prefix + URL in the ID3v1
> comment field which will automatically redirect the minibrowser to
> this site.
>
> I wouldn't call this a "bug" as it only applies as long as the
> minibrowser is *visible*. Most people anyway automatically switch it off
> as it is quite disturbing.
>
> Kind Regards,
> Daniel Lorch
> http://daniel.lorch.cc/
>
>
--
_ _
o' \,=./ `o
(o o)
-ooO--(_)--Ooo-
