[VIM] Winamp security vagueness

George A. Theall theall at tenablesecurity.com
Thu Jun 22 07:28:58 EDT 2006

Steven M. Christey wrote:

> Which changelog entry is for the Fortinet advisory?  Which for the
> milw0rm advisory?  Are there 1, 2, or 3 issues?

Searching Nullsoft's support forums, I came across the announcement of 5.24:


which links to Secunia's advisory SA20722 which in turn credits
BassReFLeX, who authored the Milw0rm exploit, while also saying it may
be related to Fortinet's advisory. Unfortunately, there is no such
detail in the announcement of 5.22:


Also, for grins I tested BassReFLeX's exploit against 5.23 (successful)
and  5.24 (not).

So, I think it's safe to say there are two issues here. Or maybe one.
But definitely not three. :-)

theall at tenablesecurity.com

More information about the VIM mailing list