← Advisories

Nullsoft Winamp 5.581 (wnaspi32.dll) DLL Hijacking Exploit

High
Advisory ID
ZSL-2010-4958
Release Date
26 August 2010
Vendor
Nullsoft - http://www.winamp.com
Affected Version
5.581 (x86)
CVE
CVE-2010-3137
Tested On
Microsoft Windows XP Professional SP3 (English)
Summary

Winamp is a media player for Windows-based PCs, written by Nullsoft, now a subsidiary of AOL. It is proprietary freeware/shareware, multi-format, extensible with plug-ins and skins, and is noted for its graphical sound visualization, playlist, and media library features.

Description

Winamp 5.581 suffers from a dll hijacking vulnerability that enables the attacker to execute arbitrary code on a local level. The vulnerable extensions are .669, .aac, .aiff, .amf, .au, .avr, .b4s, .caf and .cda thru wnaspi32.dll and dwmapi.dll libraries.

Proof of Concept
winamp_dll.cTXT
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]http://www.exploit-db.com/exploits/14789
[2]http://www.packetstormsecurity.org/filedesc/winamp_dll.txt.html
[3]http://securityreason.com/exploitalert/8771
[4]http://www.vupen.com/english/advisories/2010/2195
[5]http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/
[6]http://www.exploit-db.com/dll-hijacking-vulnerable-applications/
[7]http://osvdb.org/show/osvdb/67532
[8]http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3137
[9]http://www.securityfocus.com/bid/42747
[10]https://hacking-etico.com/2015/07/15/dll-hijacking-comprobando-la-vulnerabilidad/#more-4581
Changelog
26.08.2010Initial release
27.08.2010Added reference [1], [2], [3], [4], [5] and [6]
28.08.2010Added reference [7]
31.08.2010Added reference [8]
02.09.2010Added reference [9]
13.01.2018Added reference [10]