Bug: Winamp .m3u Remote Buffer Overflow Vulnerability (0day) (WLB-2006020050 Ascii Version)

	WLB2
Full List

Bugs

Bogus

Tricks

Exploits

	CVE MAP
Full List

Vendors

Products

	Tools
CWE Dictionary

Google Hacking

	Search
General

CVE

CWE

	RSS
Full List

Bugs

Exploits

Dorks

	Information
Our services

Add note

About



	Submit
To add a note, use this form or send email to submit@cxsecurity.com When contacting via email, we recommend coded messages. Get our PGP public key

Topic:	Winamp .m3u Remote Buffer Overflow Vulnerability (0day)
Credit:	Sowhat
Date:	2006.02.17
CWE:	N/A
CVE:	CVE-2006-0708 (Show details) Use CVE to see details like: - CVSS2, - Affected Software, - References

Risk	Local		Remote
High	No		Yes

Winamp .m3u Remote Buffer Overflow Vulnerability (0day)

by Sowhat

Discovery: 2005.07.21
Pubulished: 2006.02.16

http://secway.org/advisory/AD20060216.txt

Affected:

Winamp All versions (including 5.13)

Overview:

WinAMP is a popular media player that supports various media and playlist
formats, including playlists in m3u or pls format.

This bug was found during Reading the following Advisory by tombkeeper@NSFOCUS
http://www.nsfocus.com/english/homepage/research/0501.htm

PoC.m3u

#EXTM3U
#EXTINF:5,demo
cda://demoAAAAAAAAAAAAAAAAAAAAAA[...about 3600?...]AAAAAAAAAAAAAA.mp3

btw: Alan McCaig (b0f) published a similar 0day vulnerability today,
so I think it's time to PUB this lame advisory tooooo.

see: http://www.frsirt.com/english/advisories/2006/0613

WORKAROUND:

No WORKAROUND this time.
plz check the vendor's website for update
OR, dont use Winamp ;)

Greetings to tombkeeper,killer,baozi, all 0x557 & XFOCUS guys

--
Sowhat
http://secway.org
"Life is like a bug, Do you know how to exploit it ?"

[ ASCII VERSION ]

Bug: Winamp .m3u Remote Buffer Overflow Vulnerability (0day) (WLB-2006020050 Ascii Version)

use this form