this vulnerability is explained on winamp site : http://www.winamp.com/news.jhtml;$sessionid$TLOSMMSIHA3UZTN24UYBCZQ?articlei d=9680 ----- Original Message ----- From: "Russell Garrett" <rg@tcslon.com> To: "David Howe" <DaveHowe@gmx.co.uk> Sent: Thursday, December 19, 2002 10:58 PM Subject: RE: Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp (fwd) > This is an MD5 of a verified patched winamp 2.81, downloaded from > Nullsoft's internal tester site: > > C:\>md5 winamp281_full.exe > 353709951105A4671F457051157991C9 > > > -----Original Message----- > > From: David Howe [mailto:DaveHowe@gmx.co.uk] > > Sent: 19 December 2002 17:49 > > To: Email List: BugTraq > > Subject: Re: Foundstone Research Labs Advisory - Multiple Exploitable > > Buffer Overflows in Winamp (fwd) > > > > > > at Thursday, December 19, 2002 12:31 AM, Dave Ahmad > > <da@securityfocus.com> was seen to say: > > > Solution: > > > For Winamp 2.81 users > > > We recommend either upgrading to Winamp 3.0 or redownloading Winamp > > > 2.81 (which has since been fixed) from: http://www.winamp.com > > Does anyone have a more direct URL or a MD5 hash of the "safe" file? the > > current download of 2.81 is still dated Aug 21 and the current 3.0 dated > > 8 Aug (on the site - haven't downloaded 3.0. but the internal date on > > 2.81 is definitely the 21st) > > There is also *nothing* about this on the winamp site - its as if it > > didn't exist. > > -------------------------------------------------------------------------- -- > Russ Garrett russ@garrett.co.uk. > http://russ.garrett.co.uk. >
