winamp users: BOF via ID3v2

From: sammy (sammy@zxvf.net)
Date: Tue Apr 30 2002 - 23:52:56 CEST

    Hello, all.

    Just an FYI, there was a buffer overflow discovered in
    the minibrowser of winamp-2.79 and earlier versions.
    This is exploited by the ID3v2 tags in an MP3 header.
    It could be bad, depending on what somebody coded
    up inside your Random Internet MP3, so better safe
    than sorry.

    To safeguard yourself, do what I know everybody already
    loves to do - upgrade your software! Get the latest
    version here -

     http://download.nullsoft.com/winamp/client/winamp280_full.exe

    Here's an article and the security focus vuln info:

     http://news.com.com/2100-1023-895429.html?tag=fd_top
     http://online.securityfocus.com/bid/4609

    Anybody know if there is any code out there that
    might be able to scan id3 tags in your mp3 headers
    to see if you've already got tainted files?

    Cheers.

      sammy@zxvf.net

    --
    A SARAN LUGE TUNG HUM QUO
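
On the question of scanning existing files: the following is an added example, not code from the original message or from Nullsoft. It walks the ID3v2 frames (v2.2, v2.3, v2.4) at the start of a file and reports frames whose declared size overruns the tag, plus text, URL and comment frames longer than a limit. The post does not say which field or length triggers the overflow, so the frame selection and the 256-byte limit are assumptions, and a finding is a reason to inspect the file, not proof that it is malicious.

```python
import sys

MAX_LEN = 256  # assumed limit for a text/URL/comment frame; not from the advisory

def syncsafe(b):
    """Decode a 4-byte syncsafe integer (7 significant bits per byte)."""
    return (b[0] & 0x7F) << 21 | (b[1] & 0x7F) << 14 | (b[2] & 0x7F) << 7 | (b[3] & 0x7F)

def scan_id3v2(data, max_len=MAX_LEN):
    """Return (frame_id, size, reason) findings for the ID3v2 tag at the start of data."""
    if len(data) < 10 or data[:3] != b"ID3":
        return []                                   # no ID3v2 tag present
    major, flags = data[3], data[5]
    if major not in (2, 3, 4):
        return [("", 0, "unknown ID3v2 version %d" % major)]
    end = 10 + syncsafe(data[6:10])                 # tag size excludes the 10-byte header
    findings = []
    if end > len(data):
        findings.append(("", end - 10, "tag size exceeds file"))
        end = len(data)
    pos = 10
    if major >= 3 and flags & 0x40 and pos + 4 <= end:  # skip the extended header
        ext = data[pos:pos + 4]
        pos += syncsafe(ext) if major == 4 else 4 + int.from_bytes(ext, "big")
    id_len, hdr_len = (3, 6) if major == 2 else (4, 10)
    while pos + hdr_len <= end and data[pos] != 0:  # a zero byte starts the padding
        name = data[pos:pos + id_len].decode("latin-1")
        raw = data[pos + id_len:pos + id_len + (3 if major == 2 else 4)]
        size = syncsafe(raw) if major == 4 else int.from_bytes(raw, "big")
        body = pos + hdr_len
        if body + size > end:                       # declared length runs past the tag
            findings.append((name, size, "frame size exceeds tag"))
            break
        if size > max_len and (name[0] in "TW" or name in ("COMM", "COM")):
            findings.append((name, size, "oversized text frame"))
        pos = body + size
    return findings

def scan_file(path, max_len=MAX_LEN):  # reads only the tag region of the file
    with open(path, "rb") as f:
        head = f.read(10)
        if len(head) == 10 and head[:3] == b"ID3":
            head += f.read(syncsafe(head[6:10]))
        return scan_id3v2(head, max_len)

if __name__ == "__main__":
    for p in sys.argv[1:]:
        for name, size, reason in scan_file(p):
            print("%s: %s (%d bytes): %s" % (p, name, size, reason))
```

Run it with one or more file paths as arguments. Tags that use unsynchronisation or compressed frames are not decoded, so sizes are reported as declared in the frame headers.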
    



    This archive was generated by hypermail 2b30 : Wed May 01 2002 - 00:10:43 CEST