Winamp released version 5.12 on December 9, 2005, and a new exploit for it is already out. FrSIRT has released an advisory (as well as the PoC), and yes, it works. As described in the attack vector: "make a html page containing an iframe linking to the .pls file." The author also.
The Nullsoft Database Engine powers the local media library, history, and the CD metadata database. It is relatively simple and has a small query language. Most Winamp data can be found in the file 'main.dat', which on Windows machines is usually stored in a location like 'C:\Documents and Settings\<username>\Application Data\Winamp\Plugins\ml' (citation needed).
- Wasabi: Winamp Service Architecture Binary Interface. A system that allows sharing of C objects between different plugins and components. Think of it as a very lightweight version of COM.
- Agave: project codename for Winamp 5.12 (when the Wasabi service manager was merged into Winamp 5; it may or may not have involved a lot of tequila).
- Winamp 5.623 is based on the Winamp 2 codebase, with several Winamp3 features incorporated and more general tweaks, improvements, fixes and optimizations. Winamp Player 5.623 is a flexible and sophisticated application for playing and managing your music.
For more information describing the Nullsoft Database Engine format, see here.
Winamp 5.12 Buffer Overflow
- NDEPHP - an open source project that can read the database using PHP.
Nullsoft Winamp is a fast, flexible, high-fidelity music player for Windows. Winamp supports CD, MP3, WAV, Audiosoft, Audio Explosion, MOD and other audio formats, custom appearances called skins, plus audio visualization and audio effect plug-ins. Additional features include free-form skins, a new decoder, built-in cross fade, and an advanced Media Library.
* Fixed [in_mp3] extremely critical security vulnerability
Download: Winamp 5.13 Full (5.2MB) Pro (5.2MB) Lite (875KB)
This new build of Winamp is the same as 5.12 but with the above security fix implemented. For more information about the security vulnerability see this thread. It is highly recommended that you upgrade to this version of Winamp as your main version. Not doing so is at your own risk due to the potential nature of the vulnerability.