45 matches found
Winamp v5.571 Malicious AVI Denial of Service
Exploit for windows platform in category dos / poc. Winamp v5.571 Malicious AVI Denial of Service. Tested on Windows 7 and Winamp v5.571x86 This bug is informed to Nullsoft and was fixed long back. The statu...
Winamp v5.572 Local BoF Exploit (Win7 ASLR and DEP Bypass)
No description provided by source. !/usr/bin/python Exploit Title: Winamp v5.572 Local BoF Exploit Win7 ASLR and DEP Bypass Date: June 26, 2010 Author: Node Software Link: http://download.nullsoft.com/winamp/client/winamp5572fullemusic-7plusen-us.exe Tested on: Windows 7 Ultimate x64 ENG Badchars...
Winamp 5.572 (Windows 7) - Local Buffer Overflow (ASLR + DEP Bypass)
!/usr/bin/python Exploit Title: Winamp v5.572 Local BoF Exploit Win7 ASLR and DEP Bypass Date: June 26, 2010 Author: Node Software Link: http://download.nullsoft.com/winamp/client/winamp5572fullemusic-7plusen-us.exe Tested on: Windows 7 Ultimate x64 ENG Badchars: '\x00\xff\x5c\x2f\x0a\x0d\x20'...
Winamp v5.571 malicious AVI file handling DoS Vulnerability
No description provided by source. Tested on Windows 7 and Winamp v5.571x86 This bug is informed to Nullsoft and was fixed long back. The status can be found at http://forums.winamp.com/showthread.php?s=&threadid=316000 This code works on Python 3.0. To make it work on 3.0 remove braces in print...
SHOUTcast DNAS/Win32 1.9.4 - File Request Format String Overflow (Metasploit)
$Id: shoutcastformat.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...
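Winamp Module Decoder Plug-in Multiple Buffer Overflow Vulnerabilities
Bugtraq ID: 37374 CVE ID: CVE-2009-3995 CVE-2009-3996 CVE-2009-3997 Winamp is a popular media player. Winamp contains multiple security vulnerabilities that remote attackers can exploit to execute arbitrary instructions with the privileges of the application. - An integer overflow exists when the module decoder plug-in INMOD.DLL parses Oktalyzer files, which can lead to a heap-based buffer overflow. - Multiple boundary errors exist when the module decoder plug-in INMOD.DLL parses Impulse Tracker files, which can lead to a heap-based buffer overflow. - Multiple boundary errors exist when the module decoder plug-in INMOD.DLL parses Ultratracker files, which can lead to a heap-based buffer overflow....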
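Winamp JPEG and PNG Integer Overflow Vulnerabilities
Bugtraq ID: 37387 Winamp is a popular media player. The "jpeg.w5s" and "png.w5s" filters included in Winamp contain integer overflows when processing malformed JPEG or PNG data in media files; building a malicious MP3 and enticing a user to parse it can lead to execution of arbitrary instructions with the privileges of the application. NullSoft Winamp 5.3.2 NullSoft Winamp 5.0 91 NullSoft Winamp 5.0 9 NullSoft Winamp 5.0 8c NullSoft Winamp 5.0 8 NullSoft Winamp 5.0 7 NullSoft Winamp 5.0 6 NullSoft...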
Winamp IN_CDDA.dll Buffer Overflow (CVE-2004-1119)
Winamp is a very popular multimedia player, produced by NullSoft, which is capable of playing many formats of audio and video files. One of the audio formats supported by Winamp is Compact-Disc-Digital-Audio CDDA, which is the format used on standard audio Compact Discs CD. When an audio CD is...
SHOUTcast Filename Format String - ver 2 (CVE-2004-1373)
SHOUTcast is a free distributed streaming audio system developed by Nullsoft. It is widely used by Internet-based radio stations. The SHOUTcast server implements a subset of the HTTP protocol to communicate with clients. A client-server session starts with the client requesting an audio stream fr...
SHOUTcast Filename Format String (CVE-2004-1373)
SHOUTcast is a free distributed streaming audio system developed by Nullsoft. It is widely used by Internet-based radio stations. The SHOUTcast server implements a subset of the HTTP protocol to communicate with clients. A client-server session starts with the client requesting an audio stream fr...
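Winamp MAKI Script Parsing Module Stack Overflow Vulnerability
BUGTRAQ ID: 35052 Winamp is a popular media player that supports many file formats. When parsing .maki files (a compiled script file), Winamp does not perform correct type assignment, which can lead to a buffer overflow. An attacker can provide users with a popular skin file via a web page or download; the skin file uses a maki script to execute arbitrary code in the current user's context. Winamp's popular skin scripting engine reads strings from .maki files; the string format is as follows (multi-byte values are little-endian byte sequences): Offset Size Description --------- ------ --------------------------------------...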
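SHOUTcast Server DNAS Relay Remote Overflow Vulnerability
BUGTRAQ ID: 33904 SHOUTcast is Internet radio server software developed by Nullsoft. SHOUTcast has a buffer overflow vulnerability when receiving data from a relay master server. If a SHOUTcast administrator is tricked into using the server as a relay for a malicious server, a static buffer can overflow while receiving data, leading to arbitrary code execution. Nullsoft Shoutcast Server 1.9.8 Vendor patch: Nullsoft -------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.shoutcast.com/...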
Winamp 'NowPlaying' Unspecified Security Vulnerability
BUGTRAQ ID: 30539 CNCAN ID:CNCAN-2008080601 Winamp is a media player. The "NowPlaying" feature included in Winamp contains an unspecified error; no detailed vulnerability information is currently available. NullSoft Winamp 5.54 Upgrade: NullSoft Winamp 5.54 NullSoft winamp5541fullen-us.exe http://download.nullsoft.com/winamp/client/winamp5541fullen-us.exe NullSoft winamp5541liteen-us.exe...
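Winamp Ultravox Stream Metadata Multiple Stack Overflow Vulnerabilities
BUGTRAQ ID: 27344 CVECAN ID: CVE-2008-0065 Winamp is a popular media player that supports many file formats. Winamp has a buffer overflow vulnerability when processing malformed data, which remote attackers may exploit to take control of the user's system. Winamp's inmp3.dll library does not correctly build the stream title when parsing Ultravox stream metadata. If the metadata section sets overly long artist and name tag values, a stack overflow can be triggered, leading to execution of arbitrary instructions. Nullsoft Winamp 5.51 Nullsoft Winamp 5.5 Nullsoft Winamp 5.21 Nullsoft --------...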
nullsoft-overflow.txt
!/bin/perl Nullsoft Winamp MP4 tags Stack Overflow 0-day discovered and exploited by SYS 49152 Tested on win XP SP2 ENG Tuned for Nullsoft Winamp 5.32 d.i. Shell on port 49152 usage: well, not much fun for you kids here .. to get the shell you have to use ALT+3 and press UPDATE. Instead this one ...
Nullsoft Winamp 5.32 MP4 tags Stack Overflow Exploit
Exploit for unknown platform in category local exploits. Nullsoft Winamp 5.32 MP4 tags Stack Overflow Exploit. !/bin/perl Nullsoft Winamp MP4 tags Stack Overflow 0-day discovered and exploited ...
CVE-2007-1229
Cross-site scripting XSS vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface port 8001/tcp, which is not properly handled in the administrator interface when viewing the log file...
NullSoft Winamp 5.3 - Ultravox-Max-Msg Heap Overflow Denial of Service (PoC)
NullSoft Winamp 5.3 - Ultravox-Max-Msg Heap Overflow Denial of Service PoC / Nullsoft Winamp include include include define SERVERPORT 80 unsigned char buff1header1= "HTTP/1.0 200 OK\x0D\x0A" "Server: Ultravox 3.0\x0D\x0A" "Content-Type: misc/ultravox\x0D\x0A" "Ultravox-SID: 13381\x0D\x0A"...
CVE-2006-3534
Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot %2E%2E sequences in an HTTP GET request for a file path containing "/content"...
CVE-2006-3535
Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.7 allows remote attackers to read arbitrary files via unspecified vectors that are a "slight variation" of CVE-2006-3534...