
winamp.m3u.txt

27 Jul 2000 00:00:00. Reported by Pauli Ojanpera. Type: packetstorm. Source: packetstormsecurity.com

Buffer overflow vulnerability in Winamp's M3U playlist parser allows total control of the computer.

Code
`This is a multi-part message in MIME format.  
  
------=_NextPart_000_6492_74c$21af  
Content-Type: text/plain; format=flowed  
  
LEGAL NOTICE:  
By reading this you do agree that life does not make  
sense and it doesn't need to. You also agree to  
wear a condom. You do agree to think about nature.  
.. umm you also agree to GPL all software you've ever  
written.  
  
[Click here if you're under 18]  
  
There is a buffer overflow security vulnerability in  
Winamp's (http://www.winamp.com) M3U playlist parser.  
The overflow happens when an M3U extension called "#EXTINF:" is being  
handled. The size of the parameter  
following that keyword is not checked.  
  
Real world example:  
  
--cut-here-and-paste-to-a-file-with-m3u-extension--  
#EXTM3U  
#EXTINF:AAAAAAAAA....AAAAAAAAA<cr><lf>  
--cut here--  
  
There should be at least 280 A's.  
  
The overflow allows total control over one's computer.  
For example, one could embed an M3U file in a web page  
in several ways:  
- <A HREF="ATTACK.M3U">  
- <BGSOUND SRC="ATTACK.M3U">  
- <EMBED SRC="ATTACK.M3U">  
  
I have tested the first one but I have Media Player  
installed on this computer and my browser uses its  
components for the latter two so I cannot confirm..  
  
The only problem is some structure (FILE *?) after  
the buffer because it has a zero in it and it must  
not be crafted to successfully return from the function.  
I had to apply some trial and error to get code executed.  
Currently the code crafts Winamp's MOD file format support  
until restarted (I presume so.. :-).  
  
The attached .M3U file should crash Winamp at 0000:41414141. I've tested it  
with Windows 98 and  
Windows 95 with Winamp versions 2.62 and 2.64.  
  
Thank you.. I might not be available too frequently  
to answer your mail.. Have a nice life. Bye.  
  
  
------=_NextPart_000_6492_74c$21af  
Content-Type: text/plain; name="ATTACK.M3U"; format=flowed  
Content-Transfer-Encoding: 8bit  
Content-Disposition: attachment; filename="ATTACK.M3U"  
  
#EXTM3U  
#EXTINF:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ¡PPPPAAAA  
  
  
------=_NextPart_000_6492_74c$21af--  
  
`
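The missing size check described in the advisory, shown as an added C example that is not from the original post or from Winamp's code: a parser for one `#EXTINF:` line that compares the parameter length with the destination buffer before copying. `TITLE_MAX`, `parse_extinf`, `parse_line_of_As` and the sample lines are assumptions constructed for illustration; Winamp's real buffer size is not given on the page.

```c
#include <stdio.h>
#include <string.h>

/* Assumed destination size; the advisory only says 280 bytes are enough to overflow. */
#define TITLE_MAX 256

enum extinf_status { EXTINF_OK = 0, EXTINF_NOT_EXTINF = 1, EXTINF_TOO_LONG = 2 };

/* Parse one playlist line. On EXTINF_OK, out holds the NUL-terminated
 * parameter that followed "#EXTINF:". out_size is the full size of out. */
enum extinf_status parse_extinf(const char *line, char *out, size_t out_size)
{
    static const char tag[] = "#EXTINF:";
    const size_t tag_len = sizeof(tag) - 1;
    if (out_size == 0)
        return EXTINF_TOO_LONG;
    out[0] = '\0';
    if (strncmp(line, tag, tag_len) != 0)
        return EXTINF_NOT_EXTINF;

    const char *param = line + tag_len;
    size_t len = strcspn(param, "\r\n"); /* parameter ends at <cr><lf> or end of string */
    /* The check the advisory reports as missing: compare the length with the
     * destination size BEFORE copying, instead of an unbounded copy. */
    if (len >= out_size)
        return EXTINF_TOO_LONG;
    memcpy(out, param, len);
    out[len] = '\0';
    return EXTINF_OK;
}

/* Constructed sample input: "#EXTINF:" followed by n 'A' bytes and <cr><lf>. */
enum extinf_status parse_line_of_As(size_t n, char *out, size_t out_size)
{
    char line[1024];
    if (n > sizeof(line) - 16)
        n = sizeof(line) - 16;
    int off = snprintf(line, sizeof(line), "#EXTINF:");
    memset(line + off, 'A', n);
    memcpy(line + off + n, "\r\n", 3); /* copies CR, LF and the terminating NUL */
    return parse_extinf(line, out, out_size);
}

int main(void)
{
    char title[TITLE_MAX];
    /* "123,Artist - Song" is a constructed duration,title pair. */
    printf("normal line: %d\n", parse_extinf("#EXTINF:123,Artist - Song\r\n", title, sizeof title));
    printf("280 A's:     %d\n", parse_line_of_As(280, title, sizeof title));
    return 0;
}
```

A playlist loader built this way rejects the overlong line (or could truncate it) instead of writing past the end of the buffer.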
