Hi!
Anyone successfully exploited this vulnerability on a machine with Service Pack 2?
I played around a little bit with it yesterday but didnt get it to work.
//David
K-OTik Security Survey wrote:
----------------------------------------------------------------------
K-OTiK Security / Exploits
----------------------------------------------------------------------
2002-2004 K-OTiK.COM � Threat and Security Survey 24h/24 and 7j/7
Backend/XML/RSS - http://www.k-otik.com/rss
----------------------------------------------------------------------
25.08.2004 : Winamp 5.x/3.x Skin File Remote Code Execution Exploit
-----------
K-OTik Security has received since July 22nd several reports from
users who were hacked on IRC. This 0day attack had been used to spread
spyware and trojans, infecting a computer after the victim clicked on
a fake winamp skin web link.
We confirmed this flaw on fully patched systems running the latest
version of Winamp, and reported today this flaw/exploit to avers.
we decided today to make this exploit "public". There is no patch for
this vulnerability -> do NOT use Winamp.
http://www.k-otik.com/exploits/08252004.skinhead.php
----------------------------------------------------------------------
----------------------------------------------------------------------
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
