Date sent: Wed, 12 May 1999 13:02:43 +0200
Send reply to: Wojtek Kaniewski <wojtekkaat_private>
From: Wojtek Kaniewski <wojtekkaat_private>
Subject: Buffer overflow in WinAMP 2.x
To: BUGTRAQat_private

> Introduction
> ------------
> WinAMP is a popular Windows sound player with support for many file
> formats (MP3, wave files, modules). It also supports MP3 streaming
> (let's call it sh0utcast).
>
> Description of the problem
> --------------------------
> If we tell WinAMP to open a file location (Ctrl+L) which is over 256
> bytes long, it'll produce a nice GPF. The bug also appears when loading
> playlists (.m3u and .pls).
>
> What can we do with this bug?
> -----------------------------
> Many sh0utcast radios place .pls files on their websites, which contain
> the URL for the radio's sh0utcast server.
>
> If we make a b00m.pls file like this...
>
> [playlist]
> NumberOfEntries=1
> File1=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA... (about 256 A's)
>
> and put such a link...
>
> <A HREF="b00m.pls">Techno explosion -- The Coolest MP3 Radio</A>
>
> on our website, we can make a couple of WinAMPs crash. I suppose that
> there's a possibility to put our own code in the filename (see cDc-351
> for details).
>
> Nullsoft (producer of WinAMP) has been notified about the bug two
> versions ago.
>
> --
> wojtekkaat_private :: http://wojtekka.stone.pl/ :: ^wojtekka@ircnet

On NT Server 4 with no Service Packs installed, this causes an application error. Platform is a Cyrix MMX 233.

Access Violation (0xc0000005), Address : 0x62626262
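The bug class reported in this thread, shown from the fixing side as an added example (not WinAMP's code and not part of the original messages): a `FileN=` playlist entry is length-checked against the destination buffer before it is copied. The function name, the status codes, the sample URL and the 256-byte `LOCATION_MAX` (taken from the "over 256 bytes" observation) are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LOCATION_MAX 256  /* assumed buffer size, from the "over 256 bytes" report */

enum pls_status { PLS_OK = 0, PLS_NOT_ENTRY = -1, PLS_TOO_LONG = -2 };

/* Parse one playlist line of the form "FileN=<location>" into out[outsz].
 * The value length is measured before any copy, so an over-long entry is
 * rejected instead of overrunning the fixed-size buffer. */
enum pls_status pls_parse_file_entry(const char *line, char *out, size_t outsz)
{
    const char *p = line;
    size_t len;

    if (outsz == 0 || strncmp(p, "File", 4) != 0)
        return PLS_NOT_ENTRY;
    p += 4;
    if (!isdigit((unsigned char)*p))
        return PLS_NOT_ENTRY;
    while (isdigit((unsigned char)*p))
        p++;
    if (*p != '=')
        return PLS_NOT_ENTRY;
    p++;

    len = strcspn(p, "\r\n");     /* value ends at CR, LF or NUL */
    if (len >= outsz) {           /* no room for value plus terminator */
        out[0] = '\0';
        return PLS_TOO_LONG;
    }
    memcpy(out, p, len);
    out[len] = '\0';
    return PLS_OK;
}

int main(void)
{
    char loc[LOCATION_MAX];
    char longline[6 + 300 + 1] = "File1=";   /* constructed over-long entry */

    memset(longline + 6, 'A', 300);          /* remaining byte stays NUL */
    printf("%d\n", pls_parse_file_entry("File1=http://radio.example:8000/\r\n",
                                        loc, sizeof loc));
    printf("%d\n", pls_parse_file_entry(longline, loc, sizeof loc));
    return 0;
}
```

The same check applies to any other input path that ends in the same buffer, such as the Ctrl+L location dialog and .m3u entries mentioned in the report.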