検索:
ホーム   »     »   Winamp 5.12 0-day

Winamp 5.12 0-day

  • 投稿日:2006年1月30日
  • 脅威カテゴリ:未分類
  • 執筆:ウイルス解析担当者
0

Winamp has just released their 5.12 version last December 9, 2005, and now a new exploit for the new version is out. FR-SIRT already released and advisory(as well as the PoC) and yes, it works. As described in the attack vector: “make a html page containing an iframe linking to the .pls file.”


The author also released a link to a site which utilized the iframe, and here are some notes:



  • On visiting the link via FireFox, a dialog box asks you whether you want to download, or open the file.
  • On IE, however, the PoC is automatically executed without any warning.

I therefore conclude, if you have the vulnerable version of Winamp (and no patched version yet), use FireFox when browsing the web. No reports of this ITW yet.

No related posts.



  • 個人のお客さま向けオンラインショップ
  • |
  • 法人のお客さま向け直営ストア
  • |
  • 販売パートナー検索
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • 電子公告
  • ご利用条件
  • プライバシーポリシー
  • Copyright © 2021 Trend Micro Incorporated. All rights reserved.