[31491] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

RE: Winamp 2.91 lets code execution through MIDI files

daemon@ATHENA.MIT.EDU (Thor Larholm)
Tue Sep 9 13:16:15 2003

MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Date: Mon, 8 Sep 2003 15:36:30 -0700
content-class: urn:content-classes:message
Message-ID: <8B32EDC90D8F4E4AB40918883281874D9B3A@pivxwin2k1.secnet.pivx.com>
From: "Thor Larholm" <thor@pivx.com>
To: "Auriemma Luigi" <aluigi@pivx.com>, <bugtraq@securityfocus.com>
Cc: <vulnwatch@vulnwatch.org>, <full-disclosure@lists.netsys.com>,
        <list@dshield.org>, <support@sintelli.com>, <24@sintelli.com>,
        <list@securiteam.com>
Content-Transfer-Encoding: 8bit

As was the case with Windows Media Player, when you install Winamp the
registry settings for MIDI files are set to automatically open the file
in the associated program. As such, this is also automatically
exploitable through webpages and HTML mail.



Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher

-----Original Message-----
From: Auriemma Luigi 
Sent: Monday, September 08, 2003 12:19 PM
Subject: Winamp 2.91 lets code execution through MIDI files

<snip http://aluigi.altervista.org/adv/winamp-midi-adv.txt>


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[31491] in bugtraq

RE: Winamp 2.91 lets code execution through MIDI files

daemon@ATHENA.MIT.EDU (Thor Larholm)Tue Sep 9 13:16:15 2003

daemon@ATHENA.MIT.EDU (Thor Larholm)
Tue Sep 9 13:16:15 2003