Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos network security services platform







Bugtraq: Buffer overflow in Zinf 2.2.1 for Win32

Buffer overflow in Zinf 2.2.1 for Win32

From: Luigi Auriemma <aluigi_at_autistici.org>
Date: Fri, 24 Sep 2004 21:31:02 +0000

I don't know why this bug has not been tracked but moreover I don't
completely know why it has not been fixed yet in the Windows version of
Zinf.

In short, Zinf is an audio player for Linux and Windows: http://www.zinf.org
The latest Linux version is 2.2.5 while the latest Windows version is 2.2.1
which is still vulnerable to a buffer-overflow bug in the management of the
playlist files ".pls".

This bug has been found and fixed by the same developers in the recent
versions for Linux but, as already said, the vulnerable Windows version is
still downloadable and can be exploited locally and remotely through the web
browser and a malicious pls file.

A simple proof-of-concept to test the bug is available here:

  http://aluigi.altervista.org/poc/zinf-bof.pls

That's all, just to keep track of this bug and to warn who uses the Windows
version.

BYEZ

---
Luigi Auriemma
http://aluigi.altervista.org
Received on Sep 25 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]