Nullsoft Winamp MP3 ID3v2 buffer overflow vulnerability

Vulnerability ID: 1108938    Type: Buffer overflow
Published: 2005-07-15    Updated: 2007-03-30
CVE: CVE-2005-2310    CNNVD ID: CNNVD-200507-233
Platform: Windows    CVSS score: 9.3
|Sources
https://www.exploit-db.com/exploits/25989
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200507-233
|Vulnerability details
Nullsoft Winamp is a free media player developed by the US company Nullsoft, now one of the products of America Online (AOL). It supports many media formats, skins and plugin extensions, and also provides basic playlist and media library functions. Winamp 5.03a, 5.09 and 5.091, as well as other versions before 5.094, contain a buffer overflow vulnerability. An attacker can craft an overlong ID3v2 tag (such as ARTIST or TITLE) so that Winamp overflows a buffer while processing the MP3 file, and thereby execute arbitrary code.
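As an added illustration (not code from this page, from the exploit-db entry, or from Winamp itself): a minimal ID3v2.3/2.4 text-frame reader in C that performs the bounds checks the advisory says Winamp lacked, copying a TPE1 (artist) or TIT2 (title) frame into a fixed 64-byte buffer and truncating rather than overflowing. The `demo_overlong_artist` helper builds a constructed tag with an oversized artist field; TAG_MAX and all function names are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>

#define TAG_MAX 64   /* fixed-size destination buffer, the pattern the advisory describes */

/* ID3v2 header sizes (and v2.4 frame sizes) are "syncsafe": 4 bytes of 7 bits, high bit clear. */
static int syncsafe_to_u32(const uint8_t b[4], uint32_t *out) {
    for (int i = 0; i < 4; i++) if (b[i] & 0x80) return 0;
    *out = ((uint32_t)b[0] << 21) | ((uint32_t)b[1] << 14) | ((uint32_t)b[2] << 7) | b[3];
    return 1;
}

/* Copy the text of the first frame `id` ("TPE1" = artist, "TIT2" = title) of an ID3v2.3/2.4 tag
 * into a fixed buffer, truncating instead of overflowing. ISO-8859-1 text (encoding 0x00) only. */
int id3v2_get_text(const uint8_t *buf, size_t len, const char *id, char out[TAG_MAX]) {
    uint32_t tag_size, fsize;
    if (len < 10 || memcmp(buf, "ID3", 3) != 0 || !syncsafe_to_u32(buf + 6, &tag_size)) return 0;
    if (tag_size > len - 10) return 0;                 /* header claims more bytes than present */
    const uint8_t *p = buf + 10, *end = p + tag_size;
    while ((size_t)(end - p) >= 10 && p[0] != 0) {     /* 10-byte frame header; 0x00 = padding */
        if (buf[3] == 4) { if (!syncsafe_to_u32(p + 4, &fsize)) return 0; }   /* v2.4: syncsafe */
        else fsize = ((uint32_t)p[4] << 24) | ((uint32_t)p[5] << 16) | ((uint32_t)p[6] << 8) | p[7];
        if (fsize > (size_t)(end - p) - 10) return 0;  /* frame would run past the end of the tag */
        if (memcmp(p, id, 4) == 0) {
            const uint8_t *text = p + 10; size_t n = fsize;
            if (n == 0 || text[0] != 0x00) return 0;   /* unsupported or missing encoding byte */
            text++; n--;
            if (n >= TAG_MAX) n = TAG_MAX - 1;         /* the bounds check the vulnerable copy lacked */
            memcpy(out, text, n); out[n] = '\0';
            return 1;
        }
        p += 10 + fsize;
    }
    return 0;                                          /* frame not present */
}

/* Constructed sample (not a real file): an ID3v2.3 tag whose TPE1 frame holds `artist_len` 'A's.
 * Returns the length of the artist string the safe reader produced, or -1 if it was rejected. */
int demo_overlong_artist(size_t artist_len) {
    uint8_t tag[512]; char out[TAG_MAX];
    size_t fsize = 1 + artist_len, tag_size = 10 + fsize;
    if (tag_size > sizeof tag - 10) return -1;         /* sample buffer too small for this length */
    memcpy(tag, "ID3\x03\x00\x00", 6);                  /* magic, version 2.3, revision 0, flags */
    tag[6] = (tag_size >> 21) & 0x7f; tag[7] = (tag_size >> 14) & 0x7f; tag[8] = (tag_size >> 7) & 0x7f; tag[9] = tag_size & 0x7f;
    memcpy(tag + 10, "TPE1", 4);
    tag[14] = (uint8_t)(fsize >> 24); tag[15] = (uint8_t)(fsize >> 16); tag[16] = (uint8_t)(fsize >> 8); tag[17] = (uint8_t)fsize;
    tag[18] = 0; tag[19] = 0; tag[20] = 0x00;          /* frame flags, then encoding byte */
    memset(tag + 21, 'A', artist_len);
    return id3v2_get_text(tag, 10 + tag_size, "TPE1", out) ? (int)strlen(out) : -1;
}
```

A 200-byte artist field comes back truncated to 63 characters, and a frame whose declared size exceeds the tag is rejected instead of being copied.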
|Exploit
source: http://www.securityfocus.com/bid/14276/info

Winamp is susceptible to a buffer overflow vulnerability in its ID3v2 functionality. This issue is due to a failure of the application to properly bounds check input data prior to copying it into a fixed size memory buffer.

This issue will facilitate remote exploitation as an attacker may distribute malicious MP3 files and entice unsuspecting users to process them with the affected application.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application.

Versions 5.03a, 5.09, and 5.091 are reported vulnerable to this issue. Other versions are also likely affected. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/25989.mp3
|References

Source: www.winamp.com, Link: http://www.winamp.com/player/version_history.php
Source: BID, Name: 14276, Link: http://www.securityfocus.com/bid/14276
Source: OSVDB, Name: 17897, Link: http://www.osvdb.org/17897
Source: VUPEN, Name: ADV-2005-1106, Link: http://www.frsirt.com/english/advisories/2005/1106
Source: SECTRACK, Name: 1014483, Link: http://securitytracker.com/id?1014483
Source: MISC, Link: http://security.lss.hr/index.php?page=details&ID=LSS-2005-07-14
Source: SECUNIA, Name: 16077, Link: http://secunia.com/advisories/16077