CVE-2006-0720

Nullsoft Winamp 5.12 and 5.13 - Stack-Based Buffer Overflow via Crafted .m3u File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0720. PoCs published by superkojiman.

AI-analyzed exploit summary This exploit leverages a stack-based buffer overflow in Winamp 5.12 via a crafted .m3u file. It includes an egghunter and a bind shell payload to achieve remote code execution when the file is processed by Winamp.

Description

Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by superkojiman · pythonlocalwindows

https://www.exploit-db.com/exploits/26245

View Code ZIP pw:eip

This exploit leverages a stack-based buffer overflow in Winamp 5.12 via a crafted .m3u file. It includes an egghunter and a bind shell payload to achieve remote code execution when the file is processed by Winamp.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Winamp 5.12

No auth needed

Prerequisites: Winamp 5.12 installed on target system · Ability to deliver crafted .m3u file to victim

MITRE ATT&CK