[VIM] Winamp security vagueness
George A. Theall
theall at tenablesecurity.com
Thu Jun 22 07:28:58 EDT 2006
Steven M. Christey wrote:
> Which changelog entry is for the Fortinet advisory? Which for the
> milw0rm advisory? Are there 1, 2, or 3 issues?
Searching Nullsoft's support forums, I came across the announcement of 5.24:
http://forums.winamp.com/showthread.php?threadid=248100
which links to Secunia's advisory SA20722 which in turn credits
BassReFLeX, who authored the Milw0rm exploit, while also saying it may
be related to Fortinet's advisory. Unfortunately, there is no such
detail in the announcement of 5.22:
http://forums.winamp.com/showthread.php?threadid=247003
Also, for grins I tested BassReFLeX's exploit against 5.23 (successful)
and 5.24 (not).
So, I think it's safe to say there are two issues here. Or maybe one.
But definitely not three. :-)
George
--
theall at tenablesecurity.com
More information about the VIM
mailing list