Go Back   Winamp & Shoutcast Forums > Winamp > Winamp Bug Reports
Reload this Page Winamp 2.91 Allows Code Execution Through MIDI Files

 
Thread Tools Search this Thread Display Modes
Prev Previous Post   Next Post Next
Old 10th September 2003, 02:58   #1
shins
Senior Member
 
shins's Avatar
 
Join Date: Feb 2003
Posts: 157
[EXPLOIT] Winamp 2.91 Allows Code Execution Through MIDI Files
Quote:
Winamp 2.91 uses a default plugin called IN_MIDI.DLL used to play MIDI files.

The versions prior and equal to the 3.01 of this plugin let an
attacker execute code on a victim's machine, simply setting the "Track data size" value of a MIDI file to 0xffffffff.

A funny anecdote about the bug I have found is that I found it almost 9 months ago (beginning of January 2003) but I thought it was nothing of interesting and I forgot it on my hard-disk for a lot of time...
Taken from Security Corporation

Does IN_MIDI.DLL 3.03 have the same vulnerability? I wouldn't know. Don't feel like running any infected MIDIs with it either, heh.
shins is offline   Reply With Quote
 
Go Back   Winamp & Shoutcast Forums > Winamp > Winamp Bug Reports
Reload this Page Winamp 2.91 Allows Code Execution Through MIDI Files

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Threaded Mode Threaded Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Winamp.com - Help - Archive - Top
Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.