This may have something to do with why there is no patch out from Nullsoft.
http://www.betanews.com/article/Death_Knell_Sounds_for_Nullsoft_Winamp/1100111204 On Wed, 24 Nov 2004 07:08:52 -0800 (PST), ElviS .de <[EMAIL PROTECTED]> wrote: > > > exploit and technical study of the Winamp flaw posted by k-otik > http://www.k-otik.com/exploits/20041124.winampm3u.c.php > > "..the cdda library only reserves 20 bytes for names when files are .cda, so > the stack will be overwritten and exception occurs when a name looks like > aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.cda" > > but still NO patch from Winamp !!! > > ________________________________ > Do you Yahoo!? > Yahoo! Mail - You care about security. So do we. > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
