mailing list archives
Winamp 5.07 (latest version) Remote Crash + other stupid shizle
From: b0f <b0fnet () yahoo com>
Date: Mon, 13 Dec 2004 11:16:31 -0800 (PST)
Winamp 5.07 (latest version) Remote Crash.
+ vuln to cause 100% cpu usage.
Winamp is a very popular windows audio
and video player. It also has alot
of other features and is used by
millions of people across the world.
There is a vuln in winamp's handling of .mp4
and .m4a files. Which when exploited can
remotly crash the victims winamp.
The vuln lies in the .mp4 tagging system
which winamp uses.If you use winamps built
in feature to edit the tags on .mp4 or .m4a
files and insert any data in there the next
time the file is opened it will instantly
now how to crash it remotly.
if we create a .pls file contaning the data
and make a html page containing an iframe linking
to the .pls like.
now if the victim clicks a link to a page like
it will auto open up the .pls file and load the .mp4
file into winamp and crash it.
This could also be done with .m3u instead of .pls
This one is simple if you create say a 1mb file
probably smaller filled with junk and name it
with either .nsv or .nsa file extension.
When opened in winamp it will cause 100% cpu
usage. The bigger the size of the file the
more it will probably slow down the system.
Successful exploitation allows remote attackers to
crash the victims winamp.
Successful exploitation causes 100% cpu usage.
This has been confirmed in the latest version of
5.07 and probably vuln in earlier versions.
Don't open suspicous .mp4 .m4a .nsa or .nsv files or
click untrusted links.
The vendor has not been contacted.
Why bother ? one asks
Alan M aka b0f
(b0fnet () yahoo com)
P.S Buy Tupac - Loyal to the Game
Do you Yahoo!?
Yahoo! Mail - Easier than ever with enhanced search. Learn more.
Full-Disclosure - We believe in it.
- Winamp 5.07 (latest version) Remote Crash + other stupid shizle b0f (Dec 14)