SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Multimedia)  >  Winamp Vendors:  Nullsoft
Winamp Buffer Overflow in Processing '.m3u' File Names May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1015621
SecurityTracker URL:  http://securitytracker.com/id?1015621
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 14 2006
Impact:  Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 5.13
Description:  A vulnerability was reported in Winamp. A remote user may be able to execute arbitrary code on the target user's system.

A remote user can create a '.m3u' file with a specially crafted file name. When the file is opened by the target user with Winamp, a buffer overflow will be triggered and the Winamp player will crash.

The report did not confirm arbitrary code execution.

Alan McCaig (b0f) reported this vulnerability.
Impact:  A remote user may be able to cause arbitrary code to be executed on the target user's system.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.winamp.com/ (Links to External Site)
Cause:  Boundary error
Underlying OS:  Windows (Any)
Reported By:  b0fnet@yahoo.com
Message History:   None.

 Source Message Contents
Date:  13 Feb 2006 20:34:01 -0000
From:  b0fnet@yahoo.com
Subject:  New winamp m3u/pls .WMA & .M3U Extension overflows

 
This is an update on.
http://idefense.com/intelligence/vulnerabilities/display.php?id=378

and also a new overflow with .m3u

This overflow is still present in the latest version of winamp 5.13 with a little bit of modifcation.

FIRST VULN
==========

like so..
Example m3U file format:

#EXTM3U
#EXTINF:,VULN
http://AAAA[...]AA.wma

Example pls file format:

[playlist]
numberofentries=5
File1=http://AAAA[...]AA.wma
Title1=
Length5=-1
Version=2

add correct amount of A's untill overflow occurs.

SECOND VULN
============

This one is simple create a file with a long file name like so AAAA[...]AA.m3u save the file and open
 it and suprise winamp crashes.

=================================================

The vendor has not been contacted on these issues due to past unsuccessfull attempts on other issues 
and both remain vuln in the latest
 version of winamp.

Regards 
Alan McCaig (b0f)
b0fnet@yahoo.com


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2006, SecurityGlobal.net LLC