Bug: Atomix Mp3 Buffer Overflow ( Ascii Version )

Search:
WLB2

Atomix Mp3 Buffer Overflow

Published
Credit
Risk
2007.05.12
preth00nker
High
CWE
CVE
Local
Remote
N/A
CVE-2007-2487
Yes
No

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

#####################################################
###
### << Buffer OverFlow >>
### A T O M I X M P 3
###
### Preth00nker [at] gmail [dot] com
### BY PRETH00NKER
### http://mexhackteam.org
###
### an spetial dedication to my friends Shaka & 1tachi
###
######################################################

[ Introduction ]

(*)Buffer Overflow or B0F: it is caused by a saturation
on the stack at the momento when a strcpy() function is
called and the string is LONGER than hoped.

(*)AtomixMP3, it is an MP3 DJ mix software, was developed
to make the technical aspect of djing literally as simple
as clicking a mouse.

[ Explanation ]

When Atomix.exe load the MP3 available in the computer realize
an strcpy function for allocate the route of the file, the risk
comes when the name's file exceed the buffer located previously,
it cause an overflow leaving the posibility for execute
arbitrary code into the machine.

[ Exploit ]

http://www.mexhackteam.org/prethoonker/descargas/Atomixb0f.zip

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version