Vulnerabilidad en Winamp 3.0

################################################## ###*
# Damage Hacking Group security advisory
# www.dhgroup.org
################################################## ###*
#Product: WinAmp v.3.0 final (not beta :)) bld #488
#Authors: NullSoft, Inc. [www.winamp.com]
#Vulnerable versions: up to v.3.0
#Not vulnerable: all that doesn't support b4s-lists
#Vulnerability: buffer overflow (& code execution)
################################################## ###*

#Overview#--------------------------------------------------------------#
IMHO, this is the most popular media player under win32-platforms.

#Problem#---------------------------------------------------------------#
First, what is b4s?
WinAmp allows u to save your mp3-list to *.b4s-files. This is something
like *.m3u-lists, but b4s uses XML for it's work. Here is example of one
b4s-file (# - comments):

<?xml version="1.0" encoding='UTF-8' standalone="yes"?>
<WinampXML>
<!-- Generated by: Nullsoft Winamp3 version 3.0 -->
<playlist num_entries="[number_of_entries]" label="[playlist_name]"> #(1)

#first entry
<entry Playstring="file:[patch_to_file]"> #(2)
<Name>[name_of_the_song]</Name>
<Length>[file_size_in_byts]</Lengt>
</entry>
#end of first entry

</playlist>
</WinampXML>
.....

Continua en..... http://online.securityfocus.com/archive/1/305239

TseTse