Full Disclosure mailing list archives

Winamp .m3u fun again ;)
From: Sowhat <smaillist () gmail com>
Date: Thu, 16 Feb 2006 16:53:03 +0800

Winamp .m3u Remote Buffer Overflow Vulnerability (0day)

by Sowhat

Discovery: 2005.07.21
Published: 2006.02.16

http://secway.org/advisory/AD20060216.txt

Affected:

Winamp All versions (including 5.13)

Overview:

WinAMP is a popular media player that supports various media and playlist
formats, including playlists in m3u or pls format.


This bug was found while reading the following advisory by
tombkeeper () NSFOCUS
http://www.nsfocus.com/english/homepage/research/0501.htm


PoC.m3u

#EXTM3U
#EXTINF:5,demo
cda://demoAAAAAAAAAAAAAAAAAAAAAA[...about 3600?...]AAAAAAAAAAAAAA.mp3


btw: Alan McCaig (b0f) published a similar 0day vulnerability today,
so I think it's time to PUB this lame advisory tooooo.

see: http://www.frsirt.com/english/advisories/2006/0613


WORKAROUND:

No WORKAROUND this time.
plz check the vendor's website for update
OR, don't use Winamp ;)

Greetings to tombkeeper,killer,baozi, all 0x557 & XFOCUS guys





--
Sowhat
http://secway.org
"Life is like a bug, Do you know how to exploit it ?"
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
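
Added example (not part of the original post or of any vendor tooling): a playlist pre-filter that flags .m3u lines shaped like the PoC above, i.e. an overlong entry padded with one repeated character, before the file reaches a player. The thresholds MAX_LINE_LEN and MIN_RUN and the function names are assumptions chosen for illustration; the advisory only states that about 3600 characters after cda:// trigger the overflow.

```python
import re

# Assumed policy thresholds (not from the advisory): the page reports the
# overflow at roughly 3600 characters, so 1024 sits well below that.
MAX_LINE_LEN = 1024
MIN_RUN = 256  # assumed: run of one repeated character worth flagging
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*)://")
RUN_RE = re.compile(r"(.)\1*")


def longest_run(s):
    """Length of the longest run of a single repeated character in s."""
    return max((len(m.group(0)) for m in RUN_RE.finditer(s)), default=0)


def scan_m3u(data, max_len=MAX_LINE_LEN, min_run=MIN_RUN):
    """Scan one playlist given as bytes.

    Returns a list of (line_number, kind, scheme, length, reasons).
    """
    text = data.decode("latin-1")  # lossless for arbitrary bytes
    findings = []
    for no, raw in enumerate(text.split("\n"), 1):
        line = raw.strip()  # also drops the \r of CRLF playlists
        if not line:
            continue
        kind = "directive" if line.startswith("#") else "entry"
        m = SCHEME_RE.match(line) if kind == "entry" else None
        scheme = m.group(1).lower() if m else None
        reasons = []
        if len(line) > max_len:
            reasons.append("overlong")
        if longest_run(line) >= min_run:
            reasons.append("filler-run")
        if reasons:
            findings.append((no, kind, scheme, len(line), reasons))
    return findings


# Constructed samples: a normal playlist and one shaped like the page's PoC.m3u.
BENIGN = (b"#EXTM3U\r\n#EXTINF:215,Artist - Title\r\n"
          b"C:\\Music\\track01.mp3\r\nhttp://radio.example/stream.mp3\r\n")
SUSPECT = b"#EXTM3U\n#EXTINF:5,demo\ncda://demo" + b"A" * 3600 + b".mp3\n"

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, scan_m3u(blob))
```

Directive lines (#EXTINF and similar) are length-checked as well, which goes slightly beyond the cda:// entry shown in the advisory.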
