Go Back   Winamp & Shoutcast Forums > Winamp > Winamp Bug Reports

Reply
Thread Tools Search this Thread Display Modes
Old 30th January 2006, 17:08   #1
djsurge
Junior Member
 
Join Date: Nov 2005
Location: Chicago, IL
Posts: 2
Winamp Computer Name Handling Buffer Overflow Vulnerability

So... this came up on my google news, couldn't find it reported on winamp forum so... sorry if you guys know this already, but it's kinda big.
ZDNet article
Secunia Advisory
Actual Exploit
djsurge is offline   Reply With Quote
Old 30th January 2006, 17:33   #2
DJ Egg
Techorator
Winamp & Shoutcast Team
 
Join Date: Jun 2000
Posts: 35,862
Yes, we know about it and it's already been fixed :-)

Here is the patched in_mp3.dll for 5.12
http://www.winamp.com/in_mp3.dll

*edited by deppy. this url will be removed once a new client with this fix has been released.


(place in_mp3.dll in the Winamp\Plugins folder)


There'll be a 5.13 released shortly, which will be exactly the same as 5.12 but with the patched in_mp3 included.

There'll be a separate patched in_mp3.dll included with the next public release of 5.2 beta, also hopefully today.


Note: we've already moved/deleted a few similar threads which reported this issue, but I'm going to leave this one active, seeing as there's now a patch available.


[Edit: 2nd Feb] in_mp3 now removed [/Edit]
DJ Egg is offline   Reply With Quote
Old 30th January 2006, 17:36   #3
djsurge
Junior Member
 
Join Date: Nov 2005
Location: Chicago, IL
Posts: 2
phew cool, thanks
djsurge is offline   Reply With Quote
Old 30th January 2006, 20:31   #4
DJ Egg
Techorator
Winamp & Shoutcast Team
 
Join Date: Jun 2000
Posts: 35,862
A patched 5.13 is now available:
http://forums.winamp.com/showthread.php?threadid=236744
DJ Egg is offline   Reply With Quote
Old 31st January 2006, 16:10   #5
joopbraak
Junior Member
 
Join Date: Jan 2006
Posts: 3
Quote:
Originally posted by DJ Egg
Here is the patched in_mp3.dll for 5.12
http://www.winamp.com/in_mp3.dll

*edited by deppy. this url will be removed once a new client with this fix has been released.
Quote:
There'll be a 5.13 released shortly, which will be exactly the same as 5.12 but with the patched in_mp3 included.
Hmm, the URL still works, and it's a different version then the releases 5.13 version.

Just to let you know, cheers.
joopbraak is offline   Reply With Quote
Old 31st January 2006, 16:32   #6
DJ Egg
Techorator
Winamp & Shoutcast Team
 
Join Date: Jun 2000
Posts: 35,862
Answered here. Please don't crosspost.
DJ Egg is offline   Reply With Quote
Reply
Go Back   Winamp & Shoutcast Forums > Winamp > Winamp Bug Reports

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump