From: Jon Miller (jonathanwmillerHOTMAIL.COM)
Date: Mon Apr 02 2001 - 04:17:53 CDT


    Unfortunately this doesn't work in Windows 2000 Server SP1 with Winamp 2.73. I don't know what OS you are running, but all it does is overflow Winamp, and it doesn't launch the other program that was appended....

    h-dink

    ----- Original Message -----
    From: "truename" <xiutouNETEASE.COM>
    To: <VULN-DEVSECURITYFOCUS.COM>
    Sent: Sunday, April 01, 2001 6:59 PM
    Subject: > Winamp 2.63 buffer overflow exploit

    >
    > winamp 2.73 also has this bug,
    >
    >
    > hahahahahahahahahahahahahahahaha
    > >
    > >Hi all,
    > >
    > >I have written a full disclosure buffer overflow
    > >exploit for the winamp 2.63 buffer overflow found in
    > >the M3U file parser...
    > >Attached is a file called DROPPER.M3U, if you execute
    > >the following commands in dos :
    > >COPY /B DROPPER.M3U+C:\WINDOWS\CDPLAYER.EXE HACKME.M3U
    > >when you click HACKME.M3U, the file will drop and
    > >execute the appended exe file, CDPLAYER.EXE in this
    > >case...
    > >The CPP source for creating DROPPER.M3U is
    > >http://elf.box.sk/byterage/wa263bof.cpp
    > >and more info can be got from
    > >http://elf.box.sk/byterage/wa263.htm
    > >
    > >I haven't tested the exploit yet on 2.64 or underlying
    > >versions, but if the versions of IN_MOD.DLL match,
    > >those versions are vulnerable too...
    > >
    > >greetz,
    > >[ByteRage] http://elf.box.sk/byterage/
    > >
    >


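A defensive check for the file layout described in the quoted post (playlist text with an EXE appended via COPY /B), added here as an example and not part of the original thread or the exploit author's code: it flags an .m3u file that carries a PE image or non-text bytes. The function names and the sample bytes are constructed for illustration.

```python
import struct

def find_embedded_pe(data: bytes):
    """Return offsets where a DOS 'MZ' header points at a valid 'PE\\0\\0' signature.
    Only PE images are matched; a plain DOS MZ executable has no PE header."""
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        # e_lfanew (offset of the PE header) is a little-endian DWORD at MZ+0x3C
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            pe = pos + e_lfanew
            if e_lfanew > 0 and data[pe:pe + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def scan_playlist(data: bytes):
    """Triage the raw bytes of an .m3u file before it reaches a player."""
    lines = data.splitlines()
    # A playlist is text: control bytes other than whitespace do not belong in it.
    control = sum(1 for b in data if b < 9 or 13 < b < 32)
    pe_offsets = find_embedded_pe(data)
    return {
        "longest_line": max((len(l) for l in lines), default=0),  # informational
        "control_bytes": control,
        "pe_offsets": pe_offsets,
        "suspicious": bool(pe_offsets) or control > 0,
    }

# Constructed sample input: an ordinary playlist ...
BENIGN = (b"#EXTM3U\r\n"
          b"#EXTINF:123,Sample Artist - Sample Title\r\n"
          b"C:\\Music\\sample.mp3\r\n")

# ... and the same playlist with a constructed, non-functional MZ/PE stub appended.
# The stub holds only the header fields the scanner reads.
STUB = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 20
SUSPECT = BENIGN + STUB

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, scan_playlist(blob))
```
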