Hi all,
I have written a full disclosure buffer overflow
exploit for the winamp 2.63 buffer overflow found in
the M3U file parser...
Attached is a file called DROPPER.M3U, if you execute
the following commands in dos :
COPY /B DROPPER.M3U+C:\WINDOWS\CDPLAYER.EXE HACKME.M3U
when you click HACKME.M3U, the file will drop and
execute the appended exe file, CDPLAYER.EXE in this
case...
The CPP source for creating DROPPER.M3U is @
http://elf.box.sk/byterage/wa263bof.cpp
and more info can be got from
http://elf.box.sk/byterage/wa263.htm
I havent tested the exploit yet on 2.64 or underlying
versions, but if the versions of IN_MOD.DLL match,
those versions are vulnerable too...
greetz,
[ByteRage] http://elf.box.sk/byterage/
__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/?.refer=text
dropper.m3u
