Winamp .m3u Remote Buffer Overflow Vulnerability (0day)

2006.02.17
Credit: Sowhat
Risk: High
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Winamp .m3u Remote Buffer Overflow Vulnerability (0day) by Sowhat Discovery: 2005.07.21 Pubulished: 2006.02.16 http://secway.org/advisory/AD20060216.txt Affected: Winamp All versions (including 5.13) Overview: WinAMP is a popular media player that supports various media and playlist formats, including playlists in m3u or pls format. This bug was found during Reading the following Advisory by tombkeeper@NSFOCUS http://www.nsfocus.com/english/homepage/research/0501.htm PoC.m3u #EXTM3U #EXTINF:5,demo cda://demoAAAAAAAAAAAAAAAAAAAAAA[...about 3600?...]AAAAAAAAAAAAAA.mp3 btw: Alan McCaig (b0f) published a similar 0day vulnerability today, so I think it's time to PUB this lame advisory tooooo. see: http://www.frsirt.com/english/advisories/2006/0613 WORKAROUND: No WORKAROUND this time. plz check the vendor's website for update OR, dont use Winamp ;) Greetings to tombkeeper,killer,baozi, all 0x557 & XFOCUS guys -- Sowhat http://secway.org "Life is like a bug, Do you know how to exploit it ?"


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top