Winamp .m3u Remote Buffer Overflow Vulnerability (0day)

2006.02.17

Credit: Sowhat

Risk: High

Local: No

Remote: Yes

CVE: CVE-2006-0708

CWE: CWE-Other

CVSS Base Score: 9.3/10

Impact Subscore: 10/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: Complete

Integrity impact: Complete

Availability impact: Complete

Winamp .m3u Remote Buffer Overflow Vulnerability (0day)
by Sowhat
Discovery: 2005.07.21
Pubulished: 2006.02.16
http://secway.org/advisory/AD20060216.txt
Affected:
Winamp All versions (including 5.13)
Overview:
WinAMP is a popular media player that supports various media and playlist
formats, including playlists in m3u or pls format.
This bug was found during Reading the following Advisory by tombkeeper@NSFOCUS
http://www.nsfocus.com/english/homepage/research/0501.htm
PoC.m3u
#EXTM3U
#EXTINF:5,demo
cda://demoAAAAAAAAAAAAAAAAAAAAAA[...about 3600?...]AAAAAAAAAAAAAA.mp3
btw: Alan McCaig (b0f) published a similar 0day vulnerability today,
so I think it's time to PUB this lame advisory tooooo.
see: http://www.frsirt.com/english/advisories/2006/0613
WORKAROUND:
No WORKAROUND this time.
plz check the vendor's website for update
OR, dont use Winamp ;)
Greetings to tombkeeper,killer,baozi, all 0x557 & XFOCUS guys
--
Sowhat
http://secway.org
"Life is like a bug, Do you know how to exploit it ?"

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Winamp .m3u Remote Buffer Overflow Vulnerability (0day)

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.