CVE-2005-0595
Published: 2005-05-02
Priority: P3 · 52 · high · CVSS 2.0 base score 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 60.08% (99.0th percentile)
Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers to execute arbitrary code via a long mfcisapicommand parameter.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| working_resources_inc | badblue | — | — |
Detection & IOCs (extracted from sources)
- Detect exploitation attempts by matching HTTP GET requests to /ext.dll with an excessively long mfcisapicommand parameter (more than 492 bytes triggers the SEH overwrite).
- Flag HTTP requests to /ext.dll where the mfcisapicommand query-string value exceeds ~490 bytes, as the SEH overwrite occurs at offset 492.
- A working exploit payload must avoid the bad characters that BadBlue mishandles; the absence of those bytes in a large mfcisapicommand value is characteristic of crafted exploit traffic, whereas a long value full of spaces or newlines is more likely a malformed client or a scanner.
- The Metasploit module return address (0x1003d9da) is specific to BadBlue 2.5 Universal; the standalone C exploit uses different ext.dll offsets (0x10025305 for Win2k, 0x100255B0 for WinXP/Win2003), so target selection must match the victim OS.
- The patched version is BadBlue 2.61; versions 2.60 and below were not tested by the exploit author but are assumed vulnerable.
- Six bad characters (0x00, 0x26, 0x20, 0x0A, 0x8C, 0x3C) are badly interpreted by BadBlue and must be avoided in shellcode; detection signatures should therefore not key on fixed shellcode bytes and should account for encoded or XOR-obfuscated payloads.
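The indicators above can be turned into a concrete check. The script below is an added example for this page, not code from the exploit authors, Metasploit or BadBlue: it parses constructed Common Log Format lines, percent-decodes the mfcisapicommand value of each /ext.dll request, and applies two tests, the length against the 492-byte SEH offset and the presence of the six bad bytes. The log format, the sample lines and the assumption that the parameter name is matched case-insensitively are all constructions of this example.

```python
"""Request-line checker for the CVE-2005-0595 exploitation pattern.

Added example: the log lines and the case-insensitive parameter match are
assumptions of this example, not facts taken from the advisory or exploits.
"""
import re
from urllib.parse import urlsplit, unquote_to_bytes

SEH_OFFSET = 492          # offset of the SEH overwrite reported for this bug
BAD_CHARS = frozenset({0x00, 0x26, 0x20, 0x0A, 0x8C, 0x3C})  # bytes shellcode must avoid
TARGET_PATH = "/ext.dll"
PARAM = "mfcisapicommand"

# Request field of a Common Log Format line, e.g. "GET /ext.dll?x=y HTTP/1.1"
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d"')


def extract_command(target):
    """Return the percent-decoded bytes of the mfcisapicommand value of a
    request to /ext.dll, or None when the request does not carry one.

    The query string is split by hand rather than with parse_qsl so that '+'
    stays a literal byte and nothing is re-encoded.  Parameter names are
    compared case-insensitively (assumption: the page does not say whether
    the ISAPI extension distinguishes case).
    """
    parts = urlsplit(target)
    if parts.path.lower() != TARGET_PATH:
        return None
    for pair in parts.query.split("&"):
        name, _, value = pair.partition("=")
        if name.lower() == PARAM:
            return unquote_to_bytes(value)
    return None


def classify_command(command):
    """Apply both indicators to one decoded parameter value.

    exploit-like : longer than the SEH offset and free of every bad byte,
                   which is what a payload that survives BadBlue looks like
    suspicious   : longer than the SEH offset but containing bad bytes
                   (still an overflow attempt, but the payload is broken)
    benign       : fits below the overwrite offset
    """
    present = sorted(b for b in set(command) if b in BAD_CHARS)
    if len(command) > SEH_OFFSET:
        verdict = "exploit-like" if not present else "suspicious"
    else:
        verdict = "benign"
    return {"length": len(command), "bad_chars": present, "verdict": verdict}


def scan(lines):
    """Run the check over log lines; only /ext.dll requests carrying the
    parameter are returned, each with client address, method and verdict."""
    findings = []
    for line in lines:
        m = REQUEST_LINE.search(line)
        if not m:
            continue
        command = extract_command(m.group("target"))
        if command is None:
            continue
        result = classify_command(command)
        result["client"] = line.split(" ", 1)[0]
        result["method"] = m.group("method")
        findings.append(result)
    return findings


# Constructed sample traffic; none of it is real capture data.
SAMPLE_LOG = [
    '10.0.0.5 - - [27/Feb/2005:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 1024',
    '10.0.0.5 - - [27/Feb/2005:10:00:01 +0000] "GET /ext.dll?mfcisapicommand=loadpage&page=index.htx HTTP/1.1" 200 512',
    # 600 bytes after decoding but full of 0x20: an overflow that cannot carry this shellcode
    '10.0.0.9 - - [27/Feb/2005:10:00:02 +0000] "GET /ext.dll?MfcISAPICommand=' + "A%20" * 300 + ' HTTP/1.1" 500 0',
    # 550 bytes of filler plus NOP-like bytes, none of them in BAD_CHARS
    '10.0.0.9 - - [27/Feb/2005:10:00:03 +0000] "GET /ext.dll?mfcisapicommand=' + "A" * 500 + "%90" * 50 + ' HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['client']:<10} {f['method']} len={f['length']:<4} bad={f['bad_chars']} -> {f['verdict']}")
```

The length test alone matches the two length-based indicators; the bad-byte test separates a payload that could actually run from noise such as a fuzzer sending long strings of spaces, which is why the two verdicts are kept apart rather than collapsed into one alert.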
No detection rules found.
Exploit-DB · 2010-07-07 · BadBlue 2.5 - 'ext.dll' Remote Buffer Overflow (Metasploit)
---
```ruby
##
# $Id: badblue_ext_overflow.rb 9719 2010-07-07 17:38:59Z jduck $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote

	HttpFingerprint = { :method => 'HEAD', :pattern => [ /BadBlue\// ] }

	include Msf::Exploit::Remote::HttpClient
	include Msf::Exploit::Remote::Seh

	def initialize(info = {})
		super(update_info(info,
			'Name'        => 'BadBlue 2.5 EXT.dll Buffer Overflow',
			'Description' => %q{
					This is a stack buffer overflow exploit for BadBlue version 2.5.
			},
			'Author'      => 'acaro ',
			'License'     => BSD_LICENSE,
			'Version'     => '$R
```
Exploit-DB · 2005-02-27 · BadBlue 2.5 - Easy File Sharing Remote Buffer Overflow
---
```c
/*
BadBlue, Easy File Sharing Remote BOverflow
Homepage: badblue.com
Affected version: v2.5 (2.60 and below not tested)
Patched version: v2.61
Link: badblue.com/bbs98.exe
Date: 27 February 2005
Application Risk: Severely High
Internet Risk: Low
Discovery Credits: Andres Tarasco (atarasco _at_ sia.es)
Exploit Credits : class101 & metasploit.com

Hole History:
26-2-2005: BOF flaw published by Andres Tarasco of sia.es
27-2-2002: Hat-Squad.com releases an exploit
28-2-2005: haxorcitos releases a dupe with fake date :>
           or you sux doing private stuffs.

Notes:
-6 bad chars, 0x00, 0x26, 0x20, 0x0A, 0x8C, 0x3C, badly interpreted by
BadBlue
-using offsets from ext.dll, universal.
-use findjmp2 to quick search into ext.dll to see
if th
```
Metasploit · BadBlue 2.5 EXT.dll Buffer Overflow
This is a stack buffer overflow exploit for BadBlue version 2.5.
No writeups or analysis indexed.