Version 2.91 is not vulnerable, does not include crappy CPU consuming useless features and plays mp3's like any other version.
Cheers, SkyLined ----- Original Message ----- From: "Brett Moore" <[EMAIL PROTECTED]> To: "[EMAIL PROTECTED] Netsys. Com" <[EMAIL PROTECTED]> Sent: Wednesday, November 24, 2004 04:05 Subject: [Full-Disclosure] Winamp - Buffer Overflow In IN_CDDA.dll [Unpatched] > ======================================================================== > = Winamp - Buffer Overflow In IN_CDDA.dll > = > = Affected Software: > = Winamp 5.05, 5.06 > = > = Public disclosure on November 24, 2004 > ======================================================================== > > == Overview == > > Hate to be the bearer of bad news. > > It appears that the 'patched' version 5.05 does NOT fix the buffer overflow > issue that we notified Nullsoft about. This is obviously not good. > > As we wrote in our advisory we were notified by email that the issue had > been fixed and an update posted to the website. > > We have sent Nullsoft a copy of this email, and hope that they can remedy > this problem quickly. Unfortunately, this may not be the case as was > pointed out to me by somebody. > > == Solutions == > > - Disassociate .cda and .m3u extensions from winamp > - Wait for an update > > Brett Moore > Network Intrusion Specialist, CTO > Security-Assessment.com > > > ###################################################################### > CONFIDENTIALITY NOTICE: > > This message and any attachment(s) are confidential and proprietary. > They may also be privileged or otherwise protected from disclosure. If > you are not the intended recipient, advise the sender and delete this > message and any attachment from your system. If you are not the > intended recipient, you are not authorised to use or copy this message > or attachment or disclose the contents to any other person. Views > expressed are not necessarily endorsed by Security-Assessment.com > Limited. Please note that this communication does not designate an > information system for the purposes of the New Zealand Electronic > Transactions Act 2003. > ###################################################################### > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html