CVE-2007-1037
published 2007-02-21CVE-2007-1037: Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier allows remote attackers to execute arbitrary code via a .nzb file with a long subject…
PriorityP341critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
5.54%
91.8th percentile
Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier allows remote attackers to execute arbitrary code via a .nzb file with a long subject field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rsbr-software | news_file_grabber | <= 4.1.0.1 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
News File Grabber 4.1.0.1 - Subject Line Stack Buffer Overflow (1)
exploitdb·2007-02-19
CVE-2007-1037 News File Grabber 4.1.0.1 - Subject Line Stack Buffer Overflow (1)
News File Grabber 4.1.0.1 - Subject Line Stack Buffer Overflow (1)
---
source: https://www.securityfocus.com/bid/22617/info
News File Grabber is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine code in the context of the affected application.
This issue affects version 4.1.0.1; other versions may also be affected.
#!/usr/bin/perl
# ===============================================================================================
# News File Grabber Subject Line Stack Buffer Overflow perl exploit
# By Parveen vashishtha ([email protected])
# =========================
Exploit-DB
News File Grabber 4.1.0.1 - Subject Line Stack Buffer Overflow (2)
exploitdb·2007-02-19
CVE-2007-1037 News File Grabber 4.1.0.1 - Subject Line Stack Buffer Overflow (2)
News File Grabber 4.1.0.1 - Subject Line Stack Buffer Overflow (2)
---
// source: https://www.securityfocus.com/bid/22617/info
News File Grabber is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine code in the context of the affected application.
This issue affects version 4.1.0.1; other versions may also be affected.
/*********************************************************************************************\
*
*
* NZB Generic 0Day DoS Exploit
*
* Proofs of Concept for News File Grabber, NewsBin, Grabit, NewsReactor
and News Rover *
*
*
*
*
* Bugs in News Rover 100% and t
No writeups or analysis indexed.
http://osvdb.org/33252http://secunia.com/advisories/24237http://www.securityfocus.com/bid/22617http://www.vupen.com/english/advisories/2007/0662https://exchange.xforce.ibmcloud.com/vulnerabilities/32577http://osvdb.org/33252http://secunia.com/advisories/24237http://www.securityfocus.com/bid/22617http://www.vupen.com/english/advisories/2007/0662https://exchange.xforce.ibmcloud.com/vulnerabilities/32577
2007-02-21
Published