[10569] in bugtraq


Re: Buffer overflow in WinAMP 2.x

daemon@ATHENA.MIT.EDU (William Yodlowsky)
Mon May 17 17:29:41 1999

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSI.3.96.990514153626.3783A-100000@route1.nj.devry.edu>
Date: 	Fri, 14 May 1999 15:56:28 -0400
Reply-To: William Yodlowsky <wyodlows@route1.nj.devry.edu>
From: William Yodlowsky <wyodlows@ROUTE1.NJ.DEVRY.EDU>
X-To:         Wojtek Kaniewski <wojtekka@BYDNET.COM.PL>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <37395FD3.63849D57@bydnet.com.pl>

Tested on WinAMP v2.091 on Win95A and Win95B;
                 v2.21 on Win98;
                 v1.9? and v2.21 on WinNT 4.0WS

It produced GPFs on all except WinNT, where it opened but simply didn't
play.

--Bill
<wyodlowsky@route1.nj.devry.edu>

On Wed, 12 May 1999, Wojtek Kaniewski wrote:

> Introduction
> ------------
> WinAMP is a popular Windows sound player with support for many file
> formats (MP3, wave files, modules). It also supports MP3 streaming
> (let's call it sh0utcast).
>
> Description of the problem
> --------------------------
> If we tell WinAMP to open a file location (Ctrl+L) which is over 256
> bytes long, it'll produce a nice GPF. The bug also appears when loading
> playlists (.m3u and .pls).
>
> What can we do with this bug?
> -----------------------------
> Many sh0utcast radios place .pls files on their websites, which contain
> the URL for the radio's sh0utcast server.
>
> If we make a b00m.pls file like this...
>
>   [playlist]
>   NumberOfEntries=1
>   File1=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA... (about 256 A's)
>
> and put such a link...
>
>   <A HREF="b00m.pls">Techno explosion -- The Coolest MP3 Radio</A>
>
> on our website, we can make a couple of WinAMPs crash. I suppose that
> there's a possibility to put our own code in the filename (see cDc-351
> for details).
>
> Nullsoft (producer of WinAMP) was notified about the bug two
> versions ago.
>
> --
> wojtekka@irc.pl :: http://wojtekka.stone.pl/ :: ^wojtekka@ircnet
>
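
The bounds check whose absence the report above describes, as an added example (not code from the original posts or from Nullsoft): a `.pls` line parser that rejects overlong `File` entries instead of copying them. The 256-byte buffer size is assumed from the post's "over 256 bytes", and all function names are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define LOC_MAX 256 /* assumed buffer size, from the post's "over 256 bytes" */
enum { PLS_OK = 0, PLS_SKIP = 1, PLS_TOO_LONG = -1 };

/* Parse one "FileN=value" line of n bytes (newline excluded) into out. */
int pls_file_entry(const char *line, size_t n, char out[LOC_MAX])
{
    const char *eq = memchr(line, '=', n);
    if (n < 6 || !eq || strncmp(line, "File", 4) != 0 || !isdigit((unsigned char)line[4]))
        return PLS_SKIP;
    size_t len = n - (size_t)(eq - line) - 1;
    if (len >= LOC_MAX) /* reject, keeping room for the terminating NUL */
        return PLS_TOO_LONG;
    memcpy(out, eq + 1, len);
    out[len] = '\0';
    return PLS_OK;
}

/* Walk an in-memory playlist: accepted entry count, or -1 on an overlong entry. */
int pls_check(const char *text)
{
    char loc[LOC_MAX];
    int accepted = 0;
    while (*text) {
        size_t n = strcspn(text, "\r\n");
        int st = pls_file_entry(text, n, loc);
        if (st == PLS_TOO_LONG) return -1;
        if (st == PLS_OK) accepted++;
        text += n + strspn(text + n, "\r\n");
    }
    return accepted;
}

/* Constructed sample: the post's playlist layout with a File1 value of `fill` bytes. */
int check_sample(size_t fill)
{
    char pls[1024] = "[playlist]\nNumberOfEntries=1\nFile1=";
    size_t off = strlen(pls);
    if (fill > sizeof pls - off - 1) return -2;
    memset(pls + off, 'A', fill);
    return pls_check(pls);
}

int main(void)
{
    printf("255 bytes: %d, 256 bytes: %d\n", check_sample(255), check_sample(256));
    return 0;
}
```

Rejecting the entry outright, rather than truncating it, keeps a malformed playlist from being played as a different location than the one it names.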
