Buffer overflow in the WinAMP Windows sound player allows a remote attacker to launch simple denial-of-service attacks that crash WinAMP.
Date: Wed, 12 May 1999 13:02:43 +0200
From: Wojtek Kaniewski <wojtekka@BYDNET.COM.PL>
To: BUGTRAQ@netspace.org
Subject: Buffer overflow in WinAMP 2.x
Introduction
------------
WinAMP is a popular Windows sound player with support for many file
formats (MP3, wave files, modules). It also supports MP3 streaming
(let's call it sh0utcast).
Description of the problem
--------------------------
If we tell WinAMP to open a file location (Ctrl+L) which is over 256
bytes long, it'll produce a nice GPF. The bug also appears when loading
playlists (.m3u and .pls).
What can we do with this bug?
-----------------------------
Many sh0utcast radios place .pls files on their websites, which contain
the URL for the radio's sh0utcast server.
If we make a b00m.pls file like this...
[playlist]
NumberOfEntries=1
File1=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA... (about 256 A's)
and put a link like this...
<A HREF="b00m.pls">Techno explosion -- The Coolest MP3 Radio</A>
on our website, we can make a couple of WinAMPs crash. I suppose that
there's a possibility to put our own code in the filename (see cDc-351
for details).
Nullsoft (producer of WinAMP) was notified about the bug two
versions ago.
--
wojtekka@irc.pl :: http://wojtekka.stone.pl/ :: ^wojtekka@ircnet
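
Added example, not part of the original post or of WinAMP: a small check that a proxy, mail filter or download hook could run over .pls and .m3u files to flag any entry longer than the 256 bytes reported above. The function name, the sample hostnames and the sample playlists are constructed for illustration.

```python
import re

# Threshold taken from the report: locations over 256 bytes trigger the fault.
MAX_LOCATION_BYTES = 256
# FileN=<location> lines in a .pls playlist (keys are matched case-insensitively).
PLS_ENTRY = re.compile(rb"^File(\d+)\s*=(.*)$", re.IGNORECASE)


def overlong_entries(data: bytes, kind: str, limit: int = MAX_LOCATION_BYTES):
    """Return [(line_no, label, length)] for each location longer than `limit`.

    `kind` is "pls" or "m3u". The input stays as raw bytes because the
    reported limit is a byte count, not a character count.
    """
    if kind not in ("pls", "m3u"):
        raise ValueError("kind must be 'pls' or 'm3u'")
    findings = []
    for line_no, raw in enumerate(data.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if kind == "pls":
            m = PLS_ENTRY.match(line)
            if not m:
                continue  # [playlist], NumberOfEntries=, TitleN=, LengthN=
            label, location = "File" + m.group(1).decode(), m.group(2).strip()
        else:
            if line.startswith(b"#"):
                continue  # #EXTM3U / #EXTINF comment lines
            label, location = "entry", line
        if len(location) > limit:
            findings.append((line_no, label, len(location)))
    return findings


# Constructed sample inputs (not taken from any real site).
BENIGN_PLS = b"[playlist]\r\nNumberOfEntries=1\r\nFile1=http://radio.example:8000/\r\n"
OVERLONG_PLS = b"[playlist]\nNumberOfEntries=1\nFile1=" + b"A" * 300 + b"\n"
OVERLONG_M3U = b"#EXTM3U\nhttp://radio.example:8000/\n" + b"B" * 257 + b"\n"

if __name__ == "__main__":
    for name, blob, kind in (("benign.pls", BENIGN_PLS, "pls"),
                             ("overlong.pls", OVERLONG_PLS, "pls"),
                             ("overlong.m3u", OVERLONG_M3U, "m3u")):
        print(name, overlong_entries(blob, kind))
```

An entry of exactly 256 bytes passes; lower `limit` to quarantine borderline files as well.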
-----------------------------------------------------------------------
Date: Fri, 14 May 1999 15:56:28 -0400
From: William Yodlowsky <wyodlows@route1.nj.devry.edu>
To: BUGTRAQ@netspace.org
Subject: Re: Buffer overflow in WinAMP 2.x
Tested on WinAMP v2.091 on Win95A and Win95B;
v2.21 on Win98;
v1.9? and v2.21 on WinNT 4.0WS
It produced GPFs on all except WinNT, where it opened but simply didn't
play.
--Bill
<wyodlowsky@route1.nj.devry.edu>
On Wed, 12 May 1999, Wojtek Kaniewski wrote:
-----------------------------------------------------------------------
Date: Mon, 17 May 1999 03:40:48 +0100
From: Jello Biafra <biafra@X-STREAM.CO.UK>
To: BUGTRAQ@netspace.org
Subject: Re: Buffer overflow in WinAMP 2.x
On NT Server 4 with no Service Packs installed, this causes an
application error. Platform is a Cyrix MMX 233.
Access Violation (0xc0000005), Address : 0x62626262