Winamp .m3u Remote Buffer Overflow Vulnerability (0day) by Sowhat Discovery: 2005.07.21 Pubulished: 2006.02.16 http://secway.org/advisory/AD20060216.txt Affected: Winamp All versions (including 5.13) Overview: WinAMP is a popular media player that supports various media and playlist formats, including playlists in m3u or pls format. This bug was found during Reading the following Advisory by tombkeeper@NSFOCUS http://www.nsfocus.com/english/homepage/research/0501.htm PoC.m3u #EXTM3U #EXTINF:5,demo cda://demoAAAAAAAAAAAAAAAAAAAAAA[...about 3600?...]AAAAAAAAAAAAAA.mp3 btw: Alan McCaig (b0f) published a similar 0day vulnerability today, so I think it's time to PUB this lame advisory tooooo. see: http://www.frsirt.com/english/advisories/2006/0613 WORKAROUND: No WORKAROUND this time. plz check the vendor's website for update OR, dont use Winamp ;) Greetings to tombkeeper,killer,baozi, all 0x557 & XFOCUS guys -- Sowhat http://secway.org "Life is like a bug, Do you know how to exploit it ?"
