CVE-2007-4466
Published 2007-10-09
Priority P3 40, medium, 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 30.89% (98.0th percentile)
Multiple stack-based buffer overflows in Electronic Arts (EA) SnoopyCtrl ActiveX control (NPSnpy.dll) allow remote attackers to execute arbitrary code via unspecified methods and parameters.
Detection & IOCs (extracted from sources)
- Monitor for instantiation of the ActiveX ProgID 'SnoopyX.SnoopyCtrl.1' in browser contexts, which is the vulnerable control targeted by this exploit.
- Detect heap spray targeting address 0x0c0c0c0c with a block size of 0x40000, a pattern characteristic of this exploit's JavaScript heap spray technique.
- Alert on overly long string arguments passed to the CheckRequirements() method of the SnoopyCtrl ActiveX control (NPSnpy.dll), as this is the specific vulnerable method exploited.
- The exploit uses JavaScript obfuscation; look for obfuscated JS instantiating ActiveXObject with SnoopyCtrl-related ProgIDs in web traffic.
- The Metasploit module targets Windows XP SP0-SP3 and Windows Vista with IE 6.0 SP0-SP2 and IE 7; the exploit may not function outside these platform/browser combinations.
- The payload space is limited to 1024 bytes and null bytes (0x00) are bad characters, which constrains usable shellcode.
- EXITFUNC is set to 'process', meaning successful exploitation will terminate the browser process on exit rather than using a thread-safe exit.
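The first four detection notes above can be combined into one content check over page bodies pulled from a proxy or sandbox. The following Python scanner is an added example, not part of the original page or of the Metasploit module; the function names, the 512-character threshold for "overly long" and the inert sample pages are assumptions constructed for illustration.

```python
import re

PROGID = "snoopyx.snoopyctrl.1"   # ProgID named in the detection notes (lowercased)
LONG_ARG = 512                    # assumed threshold for "overly long"; tune locally

def _deobfuscate(js):
    """Join "a" + "b" string concatenations, then decode \\xNN and \\uNNNN escapes."""
    raw = re.sub(r"""["']\s*\+\s*["']""", "", js)
    decoded = re.sub(r"\\x([0-9a-fA-F]{2})|\\u([0-9a-fA-F]{4})",
                     lambda m: chr(int(m.group(1) or m.group(2), 16)), raw)
    return raw.lower(), decoded.lower()

def scan(page):
    """Return the set of indicator names found in one page body."""
    raw, decoded = _deobfuscate(page)
    hits = set()
    if PROGID in decoded:
        hits.add("progid")
    call = re.search(r"""checkrequirements\s*\(\s*(["']?)([^"')]*)""", decoded)
    if call:
        hits.add("method_call")
        if call.group(1) and len(call.group(2)) >= LONG_ARG:
            hits.add("long_argument")      # long string literal passed directly
    if re.search(r"(?:%u0c0c){2}|0x0c0c0c0c", raw):
        hits.add("spray_address")          # 0x0c0c0c0c, literal or %u-encoded
    if re.search(r"\b0x40000\b", raw):
        hits.add("spray_block_size")
    return hits

def verdict(hits):
    """alert: control + method + one overflow/spray indicator; review: control only."""
    if {"progid", "method_call"} <= hits and hits & {"long_argument", "spray_address"}:
        return "alert"
    return "review" if "progid" in hits else "clean"

# Constructed, inert sample pages (not captured traffic, no payload).
SUSPICIOUS = ('<script>var s = unescape("%u0c0c%u0c0c"); var size = 0x40000;\n'
              'var c = new ActiveXObject("Snoopy" + "X.Snoopy\\x43trl.1");\n'
              'c.CheckRequirements("' + "A" * 600 + '");</script>')
PROGID_ONLY = '<script>var c = new ActiveXObject("SnoopyX.SnoopyCtrl.1");</script>'
BENIGN = '<script>var x = new XMLHttpRequest();</script>'

if __name__ == "__main__":
    for name, page in [("suspicious", SUSPICIOUS), ("progid_only", PROGID_ONLY), ("benign", BENIGN)]:
        print(name, verdict(scan(page)), sorted(scan(page)))
```

Static matching only undoes string concatenation and `\x`/`\u` escapes; script that builds the ProgID at run time needs a browser sandbox or script-engine instrumentation to observe the instantiation.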
No detection rules found.
Exploit-DB
Electronic Arts SnoopyCtrl - ActiveX Control Buffer Overflow (Metasploit)
exploitdb·2010-11-11
---
##
# $Id: ea_checkrequirements.rb 10998 2010-11-11 22:43:22Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Electronic Arts SnoopyCtrl ActiveX Control Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Electronic Arts SnoopyCtrl
ActiveX Control (NPSnpy.dll 1.1.0.36. When sending a overly long
string to the CheckRequirements() method, an attacker may be able
to execute arbitrary code.
},
'License' => MSF_LICENSE,
'Author
Metasploit
Electronic Arts SnoopyCtrl ActiveX Control Buffer Overflow
This module exploits a stack buffer overflow in Electronic Arts SnoopyCtrl ActiveX Control (NPSnpy.dll 1.1.0.36). When sending an overly long string to the CheckRequirements() method, an attacker may be able to execute arbitrary code.
No writeups or analysis indexed.
- http://osvdb.org/37723
- http://secunia.com/advisories/27143
- http://www.kb.cert.org/vuls/id/179281
- http://www.securityfocus.com/bid/25970
- http://www.vupen.com/english/advisories/2007/3415
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37020