This may have something to do with why that article is crap: http://www.winamp.com/about/article.php?aid=10627
On Wed, 24 Nov 2004 11:04:56 -0600, Rich Eicher <[EMAIL PROTECTED]> wrote: > This may have something to do with why there is no patch out from Nullsoft. > > http://www.betanews.com/article/Death_Knell_Sounds_for_Nullsoft_Winamp/1100111204 > > > > > On Wed, 24 Nov 2004 07:08:52 -0800 (PST), ElviS .de <[EMAIL PROTECTED]> wrote: > > > > > > exploit and technical study of the Winamp flaw posted by k-otik > > http://www.k-otik.com/exploits/20041124.winampm3u.c.php > > > > "..the cdda library only reserves 20 bytes for names when files are .cda, so > > the stack will be overwritten and exception occurs when a name looks like > > aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.cda" > > > > but still NO patch from Winamp !!! > > > > ________________________________ > > Do you Yahoo!? > > Yahoo! Mail - You care about security. So do we. > > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
