winamp 2.79 exploit

Printable View

April 27th, 2002, 05:44 PM
zigar

winamp 2.79 exploit

ALERT

AN EMERGING ISSUE WITH:
WINAMP 2.79
SEVERITY:
Medium

DATE:
April 26, 2002

SUMMARY:
On April 25, security researcher Andreas Sandblad published
information regarding a buffer overflow vulnerability in the popular
MP3 player, Winamp. This vulnerability could allow an attacker to
execute code on a computer system, with the permissions of the
logged in user. There is no direct impact on WatchGuard's products.
Administrators with vulnerable systems are encouraged to download
and install the patched version of Winamp now available on the
Winamp web site.

EXPOSURE:

The MP3 file format allows for a URL to be embedded in the file.
Typically, when such an MP3 file is played, the player uses this URL
to contact a Web site and download lyrics, general information about
the song, or advertisements. Sandblad found a way to construct the
embedded URL so that it would be able to overflow
<https://www3.watchguard.com/archive/....asp?pack=1188> the
memory address allocated for the purpose of contacting the Web, and
then execute code of the attacker's choosing. Potentially, this code
could be used to accomplish anything a legitimate user could do,
such as adding or deleting files or reformatting the hard drive.

SOLUTION PATH:

Regardless of what WatchGuard product you use, your primary recourse
is to download and install the new player (version 2.80) from
Winamp.

STATUS:

A new version of Winamp is available from Winamp.com.
<http://www.winamp.com/download>
April 27th, 2002, 05:59 PM
Guus

Well, I can see some useful use of this bug... "Play that Britney Spears song one more time and I swear I shall hack your computer!"
April 27th, 2002, 06:58 PM
gstudios

lol - Now, now Guus. Don't forget N*SYNC, BackStreet Boys, and all those other boy-bands.

Thanks, Zigar for the heads up. Wonder if 2.78 is affected? Probably.
April 27th, 2002, 07:39 PM
tyger_claw

I'm using winamp 2.78 and I'm going to try the patch... just in case....<:(

I like Guus' post, right on! (Don't forget Celine Dion!)
April 27th, 2002, 08:06 PM
ArmyOfOne

I use the beta, guess it's not affected... how exactly do you overflow the memory? Is it by putting an extremely long url there, or would you just embed a link to a file like www.blah.com/re-format.bat ? Just curious.
April 29th, 2002, 08:05 PM
zigar

just bumping this up since i posted this on saturday and some may have missed it...
April 29th, 2002, 08:40 PM
souleman

Yup, I missed it, although I have heard about it already ;)