CVE-2013-4694
Published 2014-04-16
Priority: P3 · 50 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 17.21% (96.7th percentile)
Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk.
Affected
63 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nullsoft | winamp | <= 5.63 | — |
No detection rules found.
Exploit-DB
Winamp 5.63 - 'winamp.ini' Local Overflow
exploitdb·2013-08-26
---
# Exploit Title: winampevilskin.py
# Date: 25 August 2013
# Exploit Author: Ayman Sagy
# Vendor Homepage: http://www.winamp.com/
# Version: 5.63
# Tested on: Windows XP Professional SP3 Version 2002
# CVE : 2013-4694
#
# Ayman Sagy August 2013
#
# This is an exploit for Bug #1 described in http://www.exploit-db.com/exploits/26558/
# Credit for discovering the vulnerability goes to Julien Ahrens from Inshell Security
#
# The exploit will generate a winamp.ini file that will cause winamp to run the payload upon startup
#
#
# I tried an alpha3 encoded egghunter but could not fit it in a single buffer and unfortunately it did not work, it wrote an invalid address on the stack then tried to access it
# If you can make it work or find a solution fo
Exploit-DB
Winamp 5.63 - Stack Buffer Overflow
exploitdb·2013-07-02·CVSS 7.5
---
Inshell Security Advisory
http://www.inshell.net
1. ADVISORY INFORMATION
Product: WinAmp
Vendor URL: www.winamp.com
Type: Stack-based Buffer Overflow [CWE-121]
Date found: 2013-06-05
Date published: 2013-07-01
CVSSv2 Score: Bug #1: 7,5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Bug #2: 3,7 (AV:L/AC:H/Au:N/C:P/I:P/A:P)
CVE: CVE-2013-4694
2. CREDITS
These vulnerabilities were discovered and researched by Julien Ahrens
from Inshell Security.
3. VERSIONS AFFECTED
WinAmp v5.63, older versions may be affected too.
4. VULNERABILITY DESCRIPTION (BUG #1)
The application loads the directories in %PROGRAMFILES%\WinAmp\Skins on
startup to determine the skins that have been installed and to list them
in the application menu point "Skins" and in the Skins Browser. But
No writeups or analysis indexed.
http://forums.winamp.com/showthread.php?t=364291
http://osvdb.org/94739
http://osvdb.org/94740
http://packetstormsecurity.com/files/122239/WinAmp-5.63-Buffer-Overflow.html
http://packetstormsecurity.com/files/122978
http://seclists.org/fulldisclosure/2013/Jul/4
http://www.exploit-db.com/exploits/26558
http://www.securityfocus.com/bid/60883
http://www.securitytracker.com/id/1030107
https://exchange.xforce.ibmcloud.com/vulnerabilities/85399
https://www.rcesecurity.com/2013/07/winamp-v5-64-fixes-several-code-execution-vulnerabilities-cve-2013-4694-cve-2013-4695