Winamp mIRC plugin vulnerability

Affected Software

Nullsoft mIRC Control Plug-in v0.6 (gen_mirc.dll) and other versions
mIRC Control EX Plug-In V 2.00 (gen_ircex.dll) and other versions
mIRCPlug v1.0,1.2 (gen_mircplug.dll)
… maybe other plugins?

Description

These plugins allow Winamp to notify mIRC of what track you are playing. The user can configure what command the plugin sends to mIRC, e.g. “/set %currentsong %s”, where %s is replaced by the name of the current song, as in the ID3v tag.
By putting a “|” (command separation character) and mIRC-commands in the ID3v-tag and tricking the user into playing the mp3, an attacker can take full control over a victims computer.

Exploit

Setting the songname in the ID3v tag of an mp3 to “t | /run notepad” and playing it with winamp, with the plugin installed and enabled and mIRC running, would start notepad.
notepad.mp3

Winamp mIRC plugin vulnerability

Affected Software

Description

Exploit

Menu

Recent Posts

Archives

Search