Bugtraq mailing list archives
Re: Winamp 2.6x / 2.7x buffer overflow
From: ByteRage <byterage () YAHOO COM>
Date: Sun, 6 May 2001 04:33:32 -0700
Winamp 2.74 doesn't seem to be affected by the bug (although I thought it would be); only 2.60 -> 2.73 are affected.

The AIP file format is some format invented by AudioSoft to provide a legal way to get MP3s from the net. AIP files or AudioSoft parameter files seem to contain weakly encrypted authentication information... The buffer overflow occurs right in the decryption loop; there's no bounds checking there... When in doubt, try out the attached proof of concept exploit (HACKME.AIP).

I don't know whether they fixed that divide by zero bug yet in v2.74 (CRASH-ZEROES.AIP). I also don't know if the AudioSoft plugin is used by other music software.

greetz,
[ByteRage] <byterage () yahoo com>
http://elf.box.sk/byterage

--- Tom Laermans <tom.laermans () POWERSOURCE CX> wrote:
> Hi,
>
> WINAMP 2.6x / 2.7x BUFFER OVERFLOW
>
> AFFECTED SYSTEMS
> Winamp 2.73 (full)
> [...]
>
> DESCRIPTION
> Winamp has a buffer overflow condition when parsing *.AIP files. (which are set to be automatically downloaded without user intervention, just like the *.M3U / *.PLS files)
>
> Actually, my copy of WinAmp (v2.74) does absolutely nothing with .AIP files, nor are they listed anywhere in the "File Types" in the selection box. What are they supposed to do, anyway? (I've never heard of 'em before either)
>
> Tom
> -------------------------------------------------
> Web: http://www.powersource.cx --- ICQ#: 12120754
> Also check this out: http://kickme.to/sidewinder
> Need some cheats?? http://www.chaos-cheatbase.com
> Keep Fido&BBS Alive! http://skynetbbs.dyns.cx
> -------------------------------------------------
Attachment: aip-files.zip
Attachment: wabof3.c
Current thread:
- Re: Winamp 2.6x / 2.7x buffer overflow Tom Laermans (May 04)
- Re: Winamp 2.6x / 2.7x buffer overflow ByteRage (May 11)