lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070502043125.26967.qmail@securityfocus.com>
Date: 2 May 2007 04:31:25 -0000
From: preth00nker@...il.com
To: bugtraq@...urityfocus.com
Subject: Atomix Mp3 Buffer Overflow

#####################################################  
###
###           << Buffer OverFlow >>   
###            A T O M I X   M P 3
###  
###        Preth00nker [at] gmail [dot] com
###                BY PRETH00NKER  
###             http://mexhackteam.org  
###  
###    an spetial dedication to my friends Shaka & 1tachi
###  
######################################################  

[ Introduction ]

  (*)Buffer Overflow or B0F: it is caused by a saturation 
on the stack at the momento when a strcpy() function is 
called and the string is LONGER than hoped.

  (*)AtomixMP3, it is an MP3 DJ mix software, was developed 
to make the technical aspect of djing literally as simple 
as clicking a mouse. 


[ Explanation ]

  When Atomix.exe load the MP3 available in the computer realize
an strcpy function for allocate the route of the file, the risk 
comes when the name's file exceed the buffer located previously,
it cause an overflow leaving the posibility for execute
arbitrary code into the machine.

[ Exploit ]

http://www.mexhackteam.org/prethoonker/descargas/Atomixb0f.zip

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ