Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Winamp 2.6x / 2.7x buffer overflow
From: ByteRage <byterage () YAHOO COM>
Date: Sun, 6 May 2001 04:33:32 -0700


Winamp 2.74 doesnt seem to be affected by the bug
(although I thought it would be), only 2.60 -> 2.73
are affected, the AIP file format is some format
invented by AudioSoft to provide a legal way to get
MP3's from the net. AIP files or AudioSoft parameter
files seem to contain weakly encrypted authentication
information... The buffer overflow occurs right in the
decryption loop, there's no bounds checking there...
When in doubt try out the attached proof of concept
exploit (HACKME.AIP). I don't know whether they fixed
that divide by zero bug yet in v2.74
(CRASH-ZEROES.AIP). I also don't know if the AudioSoft
plugin is used by other music software.

greetz,
[ByteRage]
<byterage () yahoo com> http://elf.box.sk/byterage

--- Tom Laermans <tom.laermans () POWERSOURCE CX> wrote:
Hi,

WINAMP 2.6x / 2.7x BUFFER OVERFLOW

AFFECTED SYSTEMS
Winamp 2.73 (full)
[...]
DESCRIPTION

Winamp has a buffer overflow condition when parsing
*.AIP files. (which are set to be automatically
downloaded without
user intervention, just like the *.M3U / *.PLS
files)

Actually, my copy of WinAmp (v2.74) does absolutely
nothing with .AIP
files, nor are they listed anywhere in the "File
Types" in the selection
box. What are they supposed to do, anyway? (I've
never heard of 'em before
either)

Tom

-------------------------------------------------
Web: http://www.powersource.cx --- ICQ#: 12120754
Also check this out:  http://kickme.to/sidewinder
Need some cheats?? http://www.chaos-cheatbase.com
Keep Fido&BBS Alive!     http://skynetbbs.dyns.cx
-------------------------------------------------


__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/

Attachment: aip-files.zip
Description: aip-files.zip

Attachment: wabof3.c
Description: wabof3.c


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]