Mantrhax
08-02-2002, 17:16:53
Winamp Remote Code Execution Advisory
This could be used to download ddos bots, virii etc
02-04-2002 07:52:20 AM CST -- In the SNp mail box from Root-Core Security Group - Advisory 12
I just received this 'heads up' warning about the popular audio player 'WinAmp' from the folks at Root Core : " Recently we have found a hole in the popular audio player Winamp that allows arbitrary code to be ran on the users machine. The problem is in the way Winamp handles certain urls for music streams. With a simple url Winamp can be tricked into downloading any file. This could be used to download ddos bots, virii etc . "
" We have contacted Nullsoft about this and have yet to get a answer. We are going to wait a few more weeks before we release the exploit code itself. For now we suggest anyone that uses winamp to check all urls before clicking them and update any virus scanning software you have. We see this as a high risk vulnerability and should be patched by the vendor ASAP. "
Nao usem o Browser Interno do Winamp !!!
CYA
This could be used to download ddos bots, virii etc
02-04-2002 07:52:20 AM CST -- In the SNp mail box from Root-Core Security Group - Advisory 12
I just received this 'heads up' warning about the popular audio player 'WinAmp' from the folks at Root Core : " Recently we have found a hole in the popular audio player Winamp that allows arbitrary code to be ran on the users machine. The problem is in the way Winamp handles certain urls for music streams. With a simple url Winamp can be tricked into downloading any file. This could be used to download ddos bots, virii etc . "
" We have contacted Nullsoft about this and have yet to get a answer. We are going to wait a few more weeks before we release the exploit code itself. For now we suggest anyone that uses winamp to check all urls before clicking them and update any virus scanning software you have. We see this as a high risk vulnerability and should be patched by the vendor ASAP. "
Nao usem o Browser Interno do Winamp !!!
CYA