Old 10th September 2003, 02:58   #1
Senior Member
shins's Avatar
Join Date: Feb 2003
Posts: 157
[EXPLOIT] Winamp 2.91 Allows Code Execution Through MIDI Files

Winamp 2.91 uses a default plugin called IN_MIDI.DLL to play MIDI files.

Versions prior to and including 3.01 of this plugin let an attacker execute code on a victim's machine simply by setting the "Track data size" value of a MIDI file to 0xffffffff.

A funny anecdote about the bug is that I found it almost 9 months ago (beginning of January 2003), but I thought it was nothing interesting and forgot it on my hard disk for a long time...
Taken from Security Corporation

Does IN_MIDI.DLL 3.03 have the same vulnerability? I wouldn't know. Don't feel like running any infected MIDIs with it either, heh.
shins is offline   Reply With Quote
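Added example, not part of the original post or the quoted advisory: a defender-side pre-check that walks the chunks of a Standard MIDI File and flags any "Track data size" larger than the bytes actually left in the file, which is how the 0xffffffff value described above shows up. The function name `check_midi_chunks` and both sample files are constructed for illustration.

```python
import struct

def check_midi_chunks(data: bytes) -> list:
    """Return a list of findings; an empty list means every chunk size fits the file."""
    if data[:4] != b"MThd":
        return ["not a Standard MIDI File (missing MThd)"]
    findings, offset, tracks, declared = [], 0, 0, None
    while offset < len(data):
        if len(data) - offset < 8:
            findings.append(f"offset {offset}: truncated chunk header")
            break
        # Every chunk is a 4-byte tag followed by a 32-bit big-endian length.
        tag, size = struct.unpack_from(">4sI", data, offset)
        remaining = len(data) - offset - 8
        if size > remaining:
            findings.append(
                f"offset {offset}: {tag.decode('latin-1')} declares {size:#010x} "
                f"bytes but only {remaining} remain"
            )
            break  # the rest of the file cannot be trusted
        if tag == b"MThd":
            if size < 6:
                findings.append(f"offset {offset}: MThd shorter than 6 bytes")
                break
            # Header body: format, number of tracks, time division.
            _fmt, declared, _division = struct.unpack_from(">HHH", data, offset + 8)
        elif tag == b"MTrk":
            tracks += 1
        offset += 8 + size
    if not findings and declared is not None and tracks != declared:
        findings.append(f"header declares {declared} tracks, found {tracks}")
    return findings

# Constructed sample input: one header chunk plus one track holding only
# an End of Track meta event (delta 0, FF 2F 00).
HEADER = b"MThd" + struct.pack(">IHHH", 6, 0, 1, 96)
EVENTS = b"\x00\xff\x2f\x00"
GOOD = HEADER + b"MTrk" + struct.pack(">I", len(EVENTS)) + EVENTS
# Same file, but with the track data size field set to 0xffffffff.
BAD = HEADER + b"MTrk" + struct.pack(">I", 0xFFFFFFFF) + EVENTS

if __name__ == "__main__":
    for name, blob in (("good", GOOD), ("bad", BAD)):
        print(name, check_midi_chunks(blob) or "ok")
```

A check like this can run on a mail gateway or file share before MIDI files reach a player; it only inspects length fields and never decodes track events.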