Winamp 2.74 doesn't seem to be affected by the bug (although I thought it would be), only 2.60 -> 2.73 are affected. The AIP file format is some format invented by AudioSoft to provide a legal way to get MP3s from the net. AIP files or AudioSoft parameter files seem to contain weakly encrypted authentication information... The buffer overflow occurs right in the decryption loop, there's no bounds checking there... When in doubt try out the attached proof of concept exploit (HACKME.AIP). I don't know whether they fixed that divide by zero bug yet in v2.74 (CRASH-ZEROES.AIP). I also don't know if the AudioSoft plugin is used by other music software.

greetz,
[ByteRage] <byterageat_private>
http://elf.box.sk/byterage

--- Tom Laermans <tom.laermansat_private> wrote:
> Hi,
>
> >WINAMP 2.6x / 2.7x BUFFER OVERFLOW
> >
> >AFFECTED SYSTEMS
> >Winamp 2.73 (full)
> >[...]
> >DESCRIPTION
> >
> >Winamp has a buffer overflow condition when parsing
> >*.AIP files. (which are set to be automatically downloaded without
> >user intervention, just like the *.M3U / *.PLS files)
>
> Actually, my copy of WinAmp (v2.74) does absolutely nothing with .AIP
> files, nor are they listed anywhere in the "File Types" in the selection
> box. What are they supposed to do, anyway? (I've never heard of 'em before
> either)
>
> Tom
>
> -------------------------------------------------
> Web: http://www.powersource.cx --- ICQ#: 12120754
> Also check this out: http://kickme.to/sidewinder
> Need some cheats?? http://www.chaos-cheatbase.com
> Keep Fido&BBS Alive! http://skynetbbs.dyns.cx
> -------------------------------------------------
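The two defects the post names, a decryption loop with no bounds check on the length it reads from the file and a divide by zero, are both length-validation failures in a file parser. The following is an added illustration, not the AudioSoft plugin's code and not the real AIP layout (which the thread does not document): it assumes a hypothetical record of [key_len:1][key][data_len:2 LE][ciphertext] decrypted with a repeating-key XOR, and shows where the checks belong so that a file-supplied length can neither overrun the destination buffer nor become a zero divisor in the key-index computation.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical record layout, constructed for this example only (not the
 * real AIP format):
 *   [key_len:1][key bytes][data_len:2, little-endian][ciphertext bytes]
 * The "cipher" is a repeating-key XOR standing in for the weak encryption
 * the report describes. */

#define FIELD_MAX 64   /* fixed-size destination, like a stack buffer in a plugin */

enum aip_status {
    AIP_OK = 0,
    AIP_ERR_TRUNCATED,   /* record is shorter than its own length fields claim */
    AIP_ERR_ZERO_KEY,    /* key_len == 0 would make (i % key_len) divide by zero */
    AIP_ERR_TOO_LONG     /* data_len exceeds the destination buffer */
};

/* Decrypt one field into out[FIELD_MAX]. Every length taken from the file is
 * checked before it drives a loop bound or an index. On success returns
 * AIP_OK and sets *out_len. */
enum aip_status aip_decrypt_field(const uint8_t *rec, size_t rec_len,
                                  uint8_t out[FIELD_MAX], size_t *out_len)
{
    size_t pos = 0;
    if (rec_len < 1) return AIP_ERR_TRUNCATED;
    uint8_t key_len = rec[pos++];
    /* A zero-length key is the divide-by-zero case: reject it before the
     * modulo below is ever evaluated. */
    if (key_len == 0) return AIP_ERR_ZERO_KEY;
    if (rec_len - pos < key_len) return AIP_ERR_TRUNCATED;
    const uint8_t *key = rec + pos;
    pos += key_len;
    if (rec_len - pos < 2) return AIP_ERR_TRUNCATED;
    size_t data_len = (size_t)rec[pos] | ((size_t)rec[pos + 1] << 8);
    pos += 2;
    /* This is the check an unbounded decryption loop lacks: a 16-bit length
     * field can name up to 65535 bytes while out holds only FIELD_MAX. */
    if (data_len > FIELD_MAX) return AIP_ERR_TOO_LONG;
    if (rec_len - pos < data_len) return AIP_ERR_TRUNCATED;
    for (size_t i = 0; i < data_len; i++)
        out[i] = rec[pos + i] ^ key[i % key_len];
    *out_len = data_len;
    return AIP_OK;
}

/* Build a constructed record in the layout above (XOR is symmetric, so
 * encryption is the same operation). Returns the record length, 0 on error. */
size_t aip_build_record(const uint8_t *key, uint8_t key_len,
                        const uint8_t *plain, uint16_t plain_len,
                        uint8_t *buf, size_t cap)
{
    size_t need = 1 + (size_t)key_len + 2 + plain_len;
    if (key_len == 0 || cap < need) return 0;
    size_t pos = 0;
    buf[pos++] = key_len;
    memcpy(buf + pos, key, key_len);
    pos += key_len;
    buf[pos++] = (uint8_t)(plain_len & 0xFF);
    buf[pos++] = (uint8_t)(plain_len >> 8);
    for (size_t i = 0; i < plain_len; i++)
        buf[pos + i] = plain[i] ^ key[i % key_len];
    return need;
}

int main(void)
{
    const uint8_t key[] = {0x4B, 0x9C};            /* constructed sample key */
    const char *plain = "user=demo";               /* constructed sample field */
    uint8_t rec[128], out[FIELD_MAX];
    size_t rec_len = aip_build_record(key, sizeof key, (const uint8_t *)plain,
                                      (uint16_t)strlen(plain), rec, sizeof rec);
    size_t n = 0;
    if (aip_decrypt_field(rec, rec_len, out, &n) == AIP_OK)
        printf("decrypted %zu bytes: %.*s\n", n, (int)n, out);

    /* A header claiming 0xFFFF bytes of data is refused before any copy. */
    const uint8_t oversize[] = {1, 0x4B, 0xFF, 0xFF};
    printf("oversize record -> status %d\n",
           aip_decrypt_field(oversize, sizeof oversize, out, &n));
    return 0;
}
```

The ordering matters: the destination-size check runs before the truncation check, so a record that merely claims a huge length is rejected even when the file really does carry that many bytes, and the zero-key check runs before any use of the key as a modulus.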
This archive was generated by hypermail 2b30 : Fri May 11 2001 - 08:19:41 PDT