CVE-2004-1569

dBpowerAMP Audio Player and Music Converter - Buffer Overflow via Long Filename in Playlist

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1569. PoCs published by GulfTech Security.

AI-analyzed exploit summary The writeup describes buffer overflow vulnerabilities in dbPowerAmp Music Converter and Player, where malformed .pls or .m3u playlists can overwrite EIP, leading to arbitrary code execution or denial of service. The buffer sizes differ between applications (215 bytes for MusicConverter.exe, 265 bytes for playlist.exe and amp.exe).

Description

Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe in dBpowerAMP Audio Player 2.0 and dbPowerAmp Music Converter 10.0 allows remote attackers to cause a denial of service or execute arbitrary code via a .pls or .m3u playlist that contains long File1 (filename) fields.

Exploits (1)

exploitdb WRITEUP

by GulfTech Security · textlocalwindows

https://www.exploit-db.com/exploits/43816

View Code ZIP pw:eip

The writeup describes buffer overflow vulnerabilities in dbPowerAmp Music Converter and Player, where malformed .pls or .m3u playlists can overwrite EIP, leading to arbitrary code execution or denial of service. The buffer sizes differ between applications (215 bytes for MusicConverter.exe, 265 bytes for playlist.exe and amp.exe).

Classification

Writeup 90%

Attack Type

Rce | Dos

Complexity

Trivial

Reliability

Reliable

Target: dbPowerAmp Music Converter <= 2.0, dbPowerAmp Player <= 10.0

No auth needed

Prerequisites: Victim must open or mouseover a malformed playlist file

MITRE ATT&CK