OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Ryan Permeh (ryanEEYE.COM)
Date: Mon Apr 02 2001 - 12:27:02 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    if it overflows, chances are very good that the offsets and hardcoded
    addresses are just wrong.
    Signed,
    Ryan Permeh
    eEye Digital Security Team
    http://www.eEye.com/Retina -Network Security Scanner
    http://www.eEye.com/Iris -Network Traffic Analyzer

    ----- Original Message -----
    From: "Jon Miller" <jonathanwmillerHOTMAIL.COM>
    To: <VULN-DEVSECURITYFOCUS.COM>
    Sent: Monday, April 02, 2001 2:17 AM
    Subject: Re: > Winamp 2.63 buffer overflow exploit

    unfortunately this doesn't work in Windows 2000 Server SP1, with winamp
    2.73. I don't know what OS you are running but all it does is overflow
    winamp, and it doesn't launch the other program that was appended....

    h-dink

    ----- Original Message -----
    From: "truename" <xiutouNETEASE.COM>
    To: <VULN-DEVSECURITYFOCUS.COM>
    Sent: Sunday, April 01, 2001 6:59 PM
    Subject: > Winamp 2.63 buffer overflow exploit

    >
    > winamp 2.73 also have this bug,
    >
    >
    > hahahahahahahahahahahahahahahaha
    > >
    > >Hi all,
    > >
    > >I have written a full disclosure buffer overflow
    > >exploit for the winamp 2.63 buffer overflow found in
    > >the M3U file parser...
    > >Attached is a file called DROPPER.M3U, if you execute
    > >the following commands in dos :
    > >COPY /B DROPPER.M3U+C:\WINDOWS\CDPLAYER.EXE HACKME.M3U
    > >when you click HACKME.M3U, the file will drop and
    > >execute the appended exe file, CDPLAYER.EXE in this
    > >case...
    > >The CPP source for creating DROPPER.M3U is
    > >http://elf.box.sk/byterage/wa263bof.cpp
    > >and more info can be got from
    > >http://elf.box.sk/byterage/wa263.htm
    > >
    > >I havent tested the exploit yet on 2.64 or underlying
    > >versions, but if the versions of IN_MOD.DLL match,
    > >those versions are vulnerable too...
    > >
    > >greetz,
    > >[ByteRage] http://elf.box.sk/byterage/
    > >
    > >__________________________________________________
    > >Do You Yahoo!?
    > >Get email at your own domain with Yahoo! Mail.
    > >http://personal.mail.yahoo.com/?.refer=text
    >
    > 网易动画站带你走进神奇快乐的动画世界,
    > 有电影、有游戏、还有MTV!千万别错过了!
    > http://cartoon.163.com
    > 我们正在进行FLASH游戏的征稿活动,静待高手的来临!
    >