<< Save On New iPods And Support WyldRyde | Home | District Attorney's Office Warns About Zombies! >>





September 11, 2007

Vulnerability in multiple "now playing" scripts

Wouter Coekaerts has posted an alert to various Security mailing list last month alleging vulnerabilities in multiple "Now Playing" scripts and IRC clients that display the current music track being played.

While he admits that bug would be very difficult to exploit he warns that every script and chat client with "now playing" he tested was vulnerable to this exploit.

What makes this bug noteworthy in my opinion is that it is present in *all* scripts with this feature which were tested. They can all be exploited by the same malicious mp3. This includes:

* irssi: from http://irssi.org/scripts/: ixmmsa.pl 0.3, l33tmusic.pl 2.00, mpg123.pl 0.01, ogg123.pl 0.01, xmms.pl 2.0, xmms2.pl 1.1.3, xmmsinfo.pl 1.1.1.1
* XChat: many from http://xchat.org: xmms-thing 1.0, XMMS Remote Control Script 1.07, Disrok 1.0, a2x 0.0.1, Another xmms-info script 1.0, XChat-XMMS 0.8.1, and more...
* weechat: from http://weechat.flashtux.org/: now-playing.rb, xmms.pl 1.1
* BitchX: from http://scripts.bitchx.org/: xmms.bx 1.0
* Konversation: included media script
* Many scripts for mIRC, and probably other clients too

Posted in IRC News by #!/usr/bin/geek at 2007-09-11 01:32 ET (GMT-5)

Tags:


Comments


Post a comment

(Required)


(Valid Email Required)

Store my name and email in a cookie so I don't have to enter it again:


Comments are subject to the WyldRyde IRC Network Comment Policy

Links, URLs, and Web Addresses are prohibited!




Use of this form signifies your agreement to the WyldRyde IRC Network Comment Policy!


<< Save On New iPods And Support WyldRyde | Home | District Attorney's Office Warns About Zombies! >>





Copyright (C) 1994 - 2008 - WyldRyde IRC Network - All rights reserved.
Advertise on WyldRyde | Link to WyldRyde | Network Terms of Service (Rules) | Donate to WyldRyde
Use of this web site signifies your agreement to the Conditions of Use | Copyright Notices | Privacy Policy

WyldRyde, WyldRyde IRC Network, WyldRyde Corp, WyldRyde Corporation, WyldRyde.org, WyldRyde.net, and WyldRyde Chat Script are trademarks of WyldRyde Corporation. All other trademarks and tradenames are property of their respective owners.