[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [Full-Disclosure] Re: [Exploit] Winamp 5.x/3.x Skin File Remote Code Execution Exploit
From: No Reply <noreply () pewp ! hack ! se>
Date: 2004-08-31 6:16:00
Message-ID: 413417A0.8010307 () pewp ! hack ! se
[Download RAW message or body]
Hi!
Anyone successfully exploited this vulnerability on a machine with
Service Pack 2?
I played around a little bit with it yesterday but didnt get it to work.
//David
K-OTik Security Survey wrote:
>----------------------------------------------------------------------
>
> K-OTiK Security / Exploits
>
>----------------------------------------------------------------------
>
> 2002-2004 K-OTiK.COM © Threat and Security Survey 24h/24 and 7j/7
>
> Backend/XML/RSS - http://www.k-otik.com/rss
>
>----------------------------------------------------------------------
>
>
>
>25.08.2004 : Winamp 5.x/3.x Skin File Remote Code Execution Exploit
>
>-----------
>
>
>
>K-OTik Security has received since July 22nd several reports from
>
>users who were hacked on IRC. This 0day attack had been used to spread
>
>spyware and trojans, infecting a computer after the victim clicked on
>
>a fake winamp skin web link.
>
>
>
>We confirmed this flaw on fully patched systems running the latest
>
>version of Winamp, and reported today this flaw/exploit to avers.
>
>
>
>we decided today to make this exploit "public". There is no patch for
>
>this vulnerability -> do NOT use Winamp.
>
>
>
>http://www.k-otik.com/exploits/08252004.skinhead.php
>
>
>
>----------------------------------------------------------------------
>
>----------------------------------------------------------------------
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic