New Winamp3b Build 488


Recommended Posts

The version number is identical as the previous version and generally it is identical.

The file size will be smaller because the AOD (AOL On Desktop) has been removed and a flaw has also been plugged: http://online.securityfocus.com/archive/1/...29/2002-10-05/0

Winamp 3 skin files are *.WAL and are automatically opened by MSIE. They

are actually ZIP files with altered extension. They contain pictures and

configuration files used by wsabi (Winamp skinning system).

Wsabi engine is implemented inside wasabi.dll and is designed to provide

very configurable, OS-independant system for building skinnable

applications, quickly and easily (that's the reason why wsabi.dll is 800K

big).

A buffer overflow inside wsabi.dll may occur if

tag is altered with extremely huge value for file PATH (btw, MAX_PATH on

win32 is defined to be only 512B). This can allow the execution of

arbitrary code inside the address space of Winamp. Wsabi filters most non-

printable characters but specially designed shellcode will still pass

through.

Download: Winmap 3.0 Build 488

Update:

Just incase you don't believe me :)

Winamp.gif

http://www.xp-erience.org/comments.php?id=854

Link to comment
Share on other sites

This is not really a new version guys :(

The mods at winamp have had 489 for a while and 490 will be the next public beta... with the following new features and no doubt more :) :

http://www.winamp.com/nsdn/winamp3x/news/b.../betanews.jhtml

This is just small patch to remove a serious vulnerability... more waiting required :D

Link to comment
Share on other sites

No its a private internal beta, last I heard is that 490 will be the next public beta. 489 has many broken features.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.