Winamp LibSNDFile.DLL Component Remote Memory Corruption Vulnerability

Vulnerability ID: 1191052    Vulnerability type: Design error
Published: 2007-04-10    Updated: 2007-04-11
CVE ID: CVE-2007-1921    CNNVD-ID: CNNVD-200704-161
Affected platform: N/A    CVSS score: 9.3
|Vulnerability source
https://cxsecurity.com/issue/WLB-2007040049
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200704-161
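|Vulnerability details
Winamp is a popular media player that supports many file formats. Winamp has a memory corruption vulnerability when it attempts to play a specially crafted .MAT file; a remote attacker could exploit this to take control of the machine of a user who processes a malicious .MAT file.
|Vulnerability exploit (EXP)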
AOL Nullsoft Winamp LIBSNDFILE.DLL Remote Memory Corruption (Off By Zero)
by Piotr Bania <bania.piotr (at) gmail (dot) com [email concealed]>
http://www.piotrbania.com

Severity: Critical - Possible remote code execution.

Software affected: Tested on AOL Nullsoft Winamp v5.33 (x86) Feb 13 2007 (on Windows XP SP1/SP2).

There exists a large possibility that any other software that is using the LIBSNDFILE.DLL component should be considered as vulnerable.

Original url: http://www.piotrbania.com/all/adv/nullsoft-winamp-libsndfile-adv.txt

best regards,
pb

-- 
--------------------------------------------------------------------
Piotr Bania - <bania.piotr (at) gmail (dot) com [email concealed]> - 0xCD, 0x19
Fingerprint: 413E 51C7 912E 3D4E A62A  BFA4 1FF6 689F BE43 AC33
http://www.piotrbania.com  - Key ID: 0xBE43AC33
--------------------------------------------------------------------

- "The more I learn about men, the more I love dogs."
|References

Source: BID
Name: 23351
Link: http://www.securityfocus.com/bid/23351
Source: BUGTRAQ
Name: 20070406 AOL Nullsoft Winamp LIBSNDFILE.DLL Remote Memory Corruption (Off By Zero)
Link: http://www.securityfocus.com/archive/1/archive/1/464889/100/0/threaded
Source: MISC
Link: http://www.piotrbania.com/all/adv/nullsoft-winamp-libsndfile-adv.txt
Source: VUPEN
Name: ADV-2007-1286
Link: http://www.frsirt.com/english/advisories/2007/1286
Source: OSVDB
Name: 34432
Link: http://osvdb.org/34432
Source: XF
Name: winamp-libsndfile-code-execution(33481)
Link: http://xforce.iss.net/xforce/xfdb/33481
Source: SECTRACK
Name: 1017886
Link: http://www.securitytracker.com/id?1017886
Source: SREASON
Name: 2541
Link: http://securityreason.com/securityalert/2541
Source: SECUNIA
Name: 24766
Link: http://secunia.com/advisories/24766
Source: MLIST
Name: [dailydave] 20070406 AOL Nullsoft Winamp LIBSNDFILE.DLL Remote Memory Corruption (Off By Zero)
Link: http://marc.info/?l=dailydave&m=117589848432659&w=2