AOL Nullsoft Winamp LIBSNDFILE.DLL Remote Memory Corruption (Off By Zero)

To: SBUGTRAQ <bugtraq@xxxxxxxxxxxxxxxxx>, dailydave@xxxxxxxxxxxxxxxxxxxxx, FULLDISC <full-disclosure@xxxxxxxxxxxxxxxxx>, vuln@xxxxxxxxxxx
Subject: AOL Nullsoft Winamp LIBSNDFILE.DLL Remote Memory Corruption (Off By Zero)
From: Piotr Bania <bania.piotr@xxxxxxxxx>
Date: Fri, 06 Apr 2007 11:46:53 +0200
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:content-type:content-transfer-encoding; b=UVIZgJWkLrCfzKuL13ErafuLPYpUDaY8OlKRIpnlWIPsKqDXzTWUvjON3arXNDpJ40WBiqQJSwEGTqvwxVn62Ah2UqNL/nFOIoaTsF1TDNg2LI3A3yxVpAIscyaJPGTdCfMT24oxYUZsM7jtJHsobhjyVksv89df7uAa0ZpZ0C4=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:user-agent:mime-version:to:subject:content-type:content-transfer-encoding; b=ETjMP7vUE+kZQjOnUwHD9nfhEsnnC2OJyuRVf++u6/iguh3gU3JO0/G2PM/N+0fqtmMHfbdv37WmFuvSVTWHFzYgG6UulM1XxBNgD4j0/WovS0w2kMZgYv7ql53KTih8QRb5UlLDheKQHYpwK9lzMQrMzyQihZb8APTlLzDaMUU=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Thunderbird 1.5.0.10 (Windows/20070221)

AOL Nullsoft Winamp LIBSNDFILE.DLL Remote Memory Corruption (Off By Zero)
by Piotr Bania <bania.piotr@xxxxxxxxx>
http://www.piotrbania.com


Severity:               Critical - Possible remote code execution.

Software affected: Tested on AOL Nullsoft Winamp v5.33 (x86) Feb 132007 (on Windows XP SP1/SP2).


                        There exist a large possiblity that any other

software that is using the LIBSNDFILE.DLL component should beconsidered as vulnerable.

Orginal url:http://www.piotrbania.com/all/adv/nullsoft-winamp-libsndfile-adv.txt





best regards,
pb

--
--------------------------------------------------------------------
Piotr Bania - <bania.piotr@xxxxxxxxx> - 0xCD, 0x19
Fingerprint: 413E 51C7 912E 3D4E A62A  BFA4 1FF6 689F BE43 AC33
http://www.piotrbania.com  - Key ID: 0xBE43AC33
--------------------------------------------------------------------

              - "The more I learn about men, the more I love dogs."

Prev by Date: livor 2.5 Cross-Site Scripting Vulnerability
Next by Date: AOL Nullsoft Winamp S3M Module "IN_MOD.DLL" Remote Heap Memory Corruption
Previous by thread: livor 2.5 Cross-Site Scripting Vulnerability
Next by thread: AOL Nullsoft Winamp S3M Module "IN_MOD.DLL" Remote Heap Memory Corruption
Index(es):
- Date
- Thread