Nullsoft Winamp M3U Playlist Buffer Overflow Vulnerability
BID:1496
Info
Nullsoft Winamp M3U Playlist Buffer Overflow Vulnerability
| Bugtraq ID: | 1496 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jan 17 2001 12:00AM |
| Updated: | Jan 17 2001 12:00AM |
| Credit: | Posted to Bugtraq on July 20, 2000 by Pauli Ojanpera <[email protected]>. |
| Vulnerable: |
NullSoft Winamp 2.6 4 |
| Not Vulnerable: | |
Discussion
Nullsoft Winamp M3U Playlist Buffer Overflow Vulnerability
The M3U Playlist file parser in NullSoft Winamp does not perform proper bounds checking with the extension "#EXTINF:". Therefore, entering a string consisting of over 280 characters in conjunction with this parameter will cause a buffer overflow condition which will either crash the application or allow for arbitrary code to be executed, depending on the data entered.
The M3U Playlist file parser in NullSoft Winamp does not perform proper bounds checking with the extension "#EXTINF:". Therefore, entering a string consisting of over 280 characters in conjunction with this parameter will cause a buffer overflow condition which will either crash the application or allow for arbitrary code to be executed, depending on the data entered.
Exploit / POC
Nullsoft Winamp M3U Playlist Buffer Overflow Vulnerability
Cut and paste the following into a M3U file:
EXTM3U
#EXTINF:<string of of over 280 characters>
Cut and paste the following into a M3U file:
EXTM3U
#EXTINF:<string of of over 280 characters>
Solution / Fix
Nullsoft Winamp M3U Playlist Buffer Overflow Vulnerability
Solution:
Nullsoft has addressed this issue in Winamp 2.65.
Solution:
Nullsoft has addressed this issue in Winamp 2.65.