[28284] in bugtraq
RE: Foundstone Research Labs Advisory - Multiple Exploitable Buff
daemon@ATHENA.MIT.EDU (Shutters, Mike)
Fri Dec 20 22:10:47 2002
Message-ID: <8628ADFB314FD5119C390008C7E9638E02170681@MESSENGER>
From: "Shutters, Mike" <mshutters@titan.com>
To: "'David Howe'" <DaveHowe@gmx.co.uk>,
"Email List: BugTraq" <bugtraq@securityfocus.com>
Date: Thu, 19 Dec 2002 20:17:23 -0500
MIME-Version: 1.0
Content-Type: text/plain
I went ahead and installed the latest 2.81, even though it was dated as you
said. After the install I found a file in the Plugins directory named
IN_MP3.DLL, which is 132K in size and dated December 16, 2002, 1:55 PM.
Perhaps this is the file which created the fix. Unfortunately, I didn't
check the directory contents prior to updating from 2.80.
Mike
> -----Original Message-----
> From: David Howe [SMTP:DaveHowe@gmx.co.uk]
> Sent: Thursday, December 19, 2002 9:49 AM
> To: Email List: BugTraq
> Subject: Re: Foundstone Research Labs Advisory - Multiple Exploitable
> Buffer Overflows in Winamp (fwd)
>
> at Thursday, December 19, 2002 12:31 AM, Dave Ahmad
> <da@securityfocus.com> was seen to say:
> > Solution:
> > For Winamp 2.81 users
> > We recommend either upgrading to Winamp 3.0 or redownloading Winamp
> > 2.81 (which has since been fixed) from: http://www.winamp.com
> Does anyone have a more direct URL or a MD5 hash of the "safe" file? the
> current download of 2.81 is still dated Aug 21 and the current 3.0 dated
> 8 Aug (on the site - haven't downloaded 3.0. but the internal date on
> 2.81 is definitely the 21st)
> There is also *nothing* about this on the winamp site - its as if it
> didn't exist.
>
