Winamp - Buffer Overflow In IN_CDDA.dll [Brett Moore]
Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched]

========================================================================
= Winamp - Buffer Overflow In IN_CDDA.dll
=
= Affected Software:
=       Winamp 5.05, 5.06
=
= Public disclosure on November 24, 2004
========================================================================

== Overview ==

Hate to be the bearer of bad news.

It appears that the 'patched' version 5.05 does NOT fix the buffer overflow
issue that we notified Nullsoft about. This is obviously not good. 

As we wrote in our advisory we were notified by email that the issue had
been fixed and an update posted to the website. 

We have sent Nullsoft a copy of this email, and hope that they can remedy
this problem quickly. Unfortunately, this may not be the case as was
pointed out to me by somebody.

== Solutions ==

- Disassociate .cda and .m3u extensions from Winamp
- Wait for an update

Brett Moore
Network Intrusion Specialist, CTO
Security-Assessment.com  
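
An added example, not part of the original advisory: a read-only PowerShell audit for the first workaround above, reporting which handler each of .cda and .m3u currently resolves to. It assumes a Winamp handler can be recognised by the string "winamp" in its ProgID or command line, and it reads only the standard Windows file-association registry locations.

```powershell
# Added example: read-only audit of the .cda / .m3u file associations.
# Assumption: a Winamp handler has "winamp" in its ProgID or command line.
$extensions = '.cda', '.m3u'
$classRoots = 'HKCU:\Software\Classes', 'HKLM:\Software\Classes'

function Get-DefaultValue([string]$Path) {
    # (Default) value of a registry key, or nothing when the key does not exist
    if (Test-Path -LiteralPath $Path) {
        return (Get-Item -LiteralPath $Path).GetValue('')
    }
}

function Get-ShellCommands([string]$ProgId) {
    # Every verb (open, play, enqueue, ...) registered for a ProgID, as "verb: command"
    foreach ($root in $classRoots) {
        $shell = "$root\$ProgId\shell"
        if (-not (Test-Path -LiteralPath $shell)) { continue }
        foreach ($verb in Get-ChildItem -LiteralPath $shell) {
            $cmd = Get-DefaultValue "$($verb.PSPath)\command"
            if ($cmd) { '{0}: {1}' -f $verb.PSChildName, $cmd }
        }
    }
}

foreach ($ext in $extensions) {
    $progIds = @()
    # Per-user choice recorded by Explorer's "Open with" dialog
    $choice = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$ext\UserChoice"
    if (Test-Path -LiteralPath $choice) {
        $progIds += (Get-Item -LiteralPath $choice).GetValue('ProgId')
    }
    # Per-user and machine-wide class registrations
    foreach ($root in $classRoots) { $progIds += Get-DefaultValue "$root\$ext" }
    $progIds = @($progIds | Where-Object { $_ } | Select-Object -Unique)

    if ($progIds.Count -eq 0) {
        [pscustomobject]@{ Extension = $ext; ProgId = '(none)'; Winamp = $false; Commands = '' }
        continue
    }
    foreach ($id in $progIds) {
        $commands = @(Get-ShellCommands $id) -join '; '
        [pscustomobject]@{
            Extension = $ext
            ProgId    = $id
            Winamp    = ("$id $commands" -match 'winamp')
            Commands  = $commands
        }
    }
}
```

Any row with Winamp set to True is an extension that is still handed to Winamp and has not been disassociated.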

