WINAMP.COM | Forums : Powered by vBulletin version 2.3.9 WINAMP.COM | Forums > Winamp > Winamp Bug Reports > Winamp 5.07 (latest version) Remote Crash + other stupid shizle
b0f
Junior Member

Registered: Dec 2004
From:

Winamp 5.07 (latest version) Remote Crash + other stupid shizle

Winamp 5.07 (latest version) Remote Crash.
+ vuln to cause 100% cpu usage.

13/12/04

I. BACKGROUND

Winamp is a very popular Windows audio
and video player. It also has a lot
of other features and is used by
millions of people across the world.


II. DESCRIPTION

VULN 1.

There is a vuln in Winamp's handling of .mp4
and .m4a files, which when exploited can
remotely crash the victim's Winamp.

The vuln lies in the .mp4 tagging system
which Winamp uses. If you use Winamp's built-in
feature to edit the tags on .mp4 or .m4a
files and insert any data in there, the next
time the file is opened it will instantly
crash Winamp.

Now how to crash it remotely.

If we create a .pls file containing the data

[playlist]
numberofentries=5
File1=http://b0f.pwp.blueyonder.co.uk/a.mp4
Title1=
Length5=-1
Version=2


and make an HTML page containing an iframe linking
to the .pls like:

<html>
<iframe
src="http://b0f.pwp.blueyonder.co.uk/exp2.pls">

Now if the victim clicks a link to a page like

URL submitted by user.

it will auto-open the .pls file and load the .mp4
file into Winamp and crash it.

This could also be done with .m3u instead of .pls.

VULN 2.

This one is simple: if you create, say, a 1 MB file
(probably smaller) filled with junk and name it
with either the .nsv or .nsa file extension,
when opened in Winamp it will cause 100% CPU
usage. The bigger the size of the file, the
more it will probably slow down the system.


III. ANALYSIS

Vuln 1.
Successful exploitation allows remote attackers to
crash the victim's Winamp.

Vuln 2.
Successful exploitation causes 100% cpu usage.

IV. DETECTION

This has been confirmed in the latest version of
Winamp, 5.07, and probably vuln in earlier versions.


V. WORKAROUND

Don't open suspicious .mp4, .m4a, .nsa or .nsv files or
click untrusted links.


VI. VENDOR

The vendor has not been contacted.
Why bother? one asks

VII. CREDIT

Alan M aka b0f
(b0fnet at yahoo.com)

P.S Buy Tupac - Loyal to the Game
out 14/12/04

Posted by b0f, 12-13-2004 07:20 PM
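
Added example, not part of the original thread: a defender-side triage of playlist files for the delivery path described in the post above. It lists .pls/.m3u entries that are fetched from a remote host and end in one of the extensions named in the workaround; the set of remote schemes, the sample playlists and the host media.example are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Extensions named in the post's workaround section.
RISKY_EXTS = (".mp4", ".m4a", ".nsa", ".nsv")
# Assumption: schemes this check treats as "remote"; adjust for your environment.
REMOTE_SCHEMES = {"http", "https", "ftp", "mms", "rtsp"}

PLS_FILE_KEY = re.compile(r"^file\d+$", re.IGNORECASE)


def playlist_entries(text):
    """Yield media locations from .pls (FileN=...) or .m3u (one per line) text."""
    lines = [ln.strip() for ln in text.splitlines()]
    is_pls = any(ln.lower() == "[playlist]" for ln in lines)
    for ln in lines:
        if not ln:
            continue
        if is_pls:
            key, sep, value = ln.partition("=")
            if sep and PLS_FILE_KEY.match(key.strip()) and value.strip():
                yield value.strip()
        elif not ln.startswith("#"):  # skip #EXTM3U / #EXTINF directives
            yield ln


def risky_entries(text):
    """Return entries fetched from a remote host that end in a risky extension."""
    hits = []
    for entry in playlist_entries(text):
        url = urlparse(entry)
        # Match on the URL path so a query string cannot hide the extension.
        if url.scheme.lower() in REMOTE_SCHEMES and url.path.lower().endswith(RISKY_EXTS):
            hits.append(entry)
    return hits


# Constructed samples; media.example is a placeholder host.
SAMPLE_PLS = """[playlist]
numberofentries=2
File1=http://media.example/a.mp4
Title1=
File2=local.mp3
Version=2
"""
SAMPLE_M3U = "#EXTM3U\n#EXTINF:-1,stream\nhttp://media.example/clip.NSV?x=1\nsong.mp3\n"

if __name__ == "__main__":
    for name, body in (("sample.pls", SAMPLE_PLS), ("sample.m3u", SAMPLE_M3U)):
        print(name, risky_entries(body))
```

A check like this fits a mail or web gateway that already sees playlist attachments and downloads; it flags entries for review and does not inspect the referenced media itself.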
DJ Egg
Moderator

Registered: Jun 2000
From:

The in_mp4 issue is fixed for the next release. Thanks.

in_nsv behaves as you described by design....

Quote:

"The nsv issue, while it's annoying, it's the exact behavior we want. NSV is a bitstream and we search through a file looking for the NSV markers. If we don't find one, we can't play. This can cause high cpu load for a short amount of time."

Posted by DJ Egg, 12-14-2004 09:25 PM
All times are GMT.