Winamp .m3u Remote Buffer Overflow Vulnerability (0day)

Credit: Sowhat
Risk: High
Local: No
Remote: Yes
CWE: CWE-Other

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Winamp .m3u Remote Buffer Overflow Vulnerability (0day) by Sowhat Discovery: 2005.07.21 Pubulished: 2006.02.16 Affected: Winamp All versions (including 5.13) Overview: WinAMP is a popular media player that supports various media and playlist formats, including playlists in m3u or pls format. This bug was found during Reading the following Advisory by tombkeeper@NSFOCUS PoC.m3u #EXTM3U #EXTINF:5,demo cda://demoAAAAAAAAAAAAAAAAAAAAAA[...about 3600?...]AAAAAAAAAAAAAA.mp3 btw: Alan McCaig (b0f) published a similar 0day vulnerability today, so I think it's time to PUB this lame advisory tooooo. see: WORKAROUND: No WORKAROUND this time. plz check the vendor's website for update OR, dont use Winamp ;) Greetings to tombkeeper,killer,baozi, all 0x557 & XFOCUS guys -- Sowhat "Life is like a bug, Do you know how to exploit it ?"

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022,


Back to Top