lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 16 Feb 2006 16:53:03 +0800
From: Sowhat <smaillist@...il.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: Winamp .m3u fun again ;)

Winamp .m3u Remote Buffer Overflow Vulnerability (0day)

by Sowhat

Discovery: 2005.07.21
Pubulished: 2006.02.16

http://secway.org/advisory/AD20060216.txt

Affected:

Winamp All versions (including 5.13)

Overview:

WinAMP is a popular media player that supports various media and playlist
formats, including playlists in m3u or pls format.


This bug was found during Reading the following Advisory by
tombkeeper@...OCUS
http://www.nsfocus.com/english/homepage/research/0501.htm


PoC.m3u

#EXTM3U
#EXTINF:5,demo
cda://demoAAAAAAAAAAAAAAAAAAAAAA[...about 3600?...]AAAAAAAAAAAAAA.mp3


btw: Alan McCaig (b0f) published a similar 0day vulnerability today,
so I think it's time to PUB this lame advisory tooooo.

see: http://www.frsirt.com/english/advisories/2006/0613


WORKAROUND:

No WORKAROUND this time.
plz check the vendor's website for update
OR, dont use Winamp ;)

Greetings to tombkeeper,killer,baozi, all 0x557 & XFOCUS guys





--
Sowhat
http://secway.org
"Life is like a bug, Do you know how to exploit it ?"

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ