SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   Winamp Vendors:   Nullsoft
Winamp Buffer Overflow in Processing '.m3u' File Names May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1015621
SecurityTracker URL:  http://securitytracker.com/id/1015621
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 14 2006
Impact:   Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 5.13
Description:   A vulnerability was reported in Winamp. A remote user may be able to execute arbitrary code on the target user's system.

A remote user can create a '.m3u' file with a specially crafted file name. When the file is opened by the target user with Winamp, a buffer overflow will be triggered and the Winamp player will crash.

The report did not confirm arbitrary code execution.

Alan McCaig (b0f) reported this vulnerability.

Impact:   A remote user may be able to cause arbitrary code to be executed on the target user's system.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.winamp.com/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  New winamp m3u/pls .WMA & .M3U Extension overflows

This is an update on.
http://idefense.com/intelligence/vulnerabilities/display.php?id=378

and also a new overflow with .m3u

This overflow is still present in the latest version of winamp 5.13 with a little bit of modifcation.

FIRST VULN
==========

like so..
Example m3U file format:

#EXTM3U
#EXTINF:,VULN
http://AAAA[...]AA.wma

Example pls file format:

[playlist]
numberofentries=5
File1=http://AAAA[...]AA.wma
Title1=
Length5=-1
Version=2

add correct amount of A's untill overflow occurs.

SECOND VULN
============

This one is simple create a file with a long file name like so AAAA[...]AA.m3u save the file and open it and suprise winamp crashes.

=================================================

The vendor has not been contacted on these issues due to past unsuccessfull attempts on other issues and both remain vuln in the latest
 version of winamp.

Regards 
Alan McCaig (b0f)
b0fnet@yahoo.com

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC