CVE-2008-0311
Published: 2008-04-06
Priority: P267 | Severity: critical | CVSS 2.0: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Exploit: public | EPSS: 31.02% (98.0th percentile)
Stack-based buffer overflow in the PGMWebHandler::parse_request function in the StarTeam Multicast Service component (STMulticastService) 6.4 in Borland CaliberRM 2006 allows remote attackers to execute arbitrary code via a large HTTP request.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| borland | caliberrm | — | — |
Detection & IOCs (extracted from sources)
Bytes: \x81\xc4\x54\xf2\xff\xff
- Monitor for large HTTP GET requests sent to TCP port 3057 (STMulticastService default port), particularly requests exceeding 511 bytes targeting the PGMWebHandler::parse_request function.
- Detect the stack-adjustment prepend encoder byte sequence \x81\xc4\x54\xf2\xff\xff in payloads delivered to port 3057, indicative of the Metasploit module's shellcode preparation.
- Flag HTTP requests to port 3057 containing bad-character-free shellcode blobs; the exploit avoids bytes: \x00\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c.
- Alert on return-address values 0x7c5729db or 0x71ae1f9b appearing within network traffic to port 3057, corresponding to known exploit targets for Windows 2000 SP4 and Windows 2003 SP0.
- The Metasploit module targets only Windows 2000 SP4 English and Windows 2003 SP0 English with hardcoded return addresses; exploitation against other OS versions or service packs requires different return addresses and may fail.
- The exploit uses a payload space of only 600 bytes and requires a stack adjustment of -3500 bytes; inline payloads are noted to work best, meaning staged payloads may be unreliable.
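The size, byte-sequence and return-address indicators listed above can be combined into one check over reassembled TCP payloads. The following is an added example, not part of the original page or of any vendor rule set; the function names, the severity tiers, the choice to measure the 511-byte threshold on the whole payload, and the little-endian encoding of the return addresses are assumptions.

```python
import struct

# Indicators taken from the detection notes on this page.
STM_PORT = 3057                              # STMulticastService default port
MAX_REQUEST_LEN = 511                        # requests longer than this are suspect
STACK_ADJUST = b"\x81\xc4\x54\xf2\xff\xff"   # stack-adjustment prepend sequence
# Return addresses from the notes; assumed to appear little-endian (x86) on the wire.
RETURN_ADDRS = {
    "Windows 2000 SP4": struct.pack("<I", 0x7C5729DB),
    "Windows 2003 SP0": struct.pack("<I", 0x71AE1F9B),
}


def inspect_request(dst_port: int, payload: bytes) -> list[str]:
    """Return the indicator names matched by one reassembled TCP payload."""
    if dst_port != STM_PORT:
        return []
    hits = []
    if payload[:4].upper() == b"GET " and len(payload) > MAX_REQUEST_LEN:
        hits.append("oversized_get")
    if STACK_ADJUST in payload:
        hits.append("stack_adjust_bytes")
    for target, addr in RETURN_ADDRS.items():
        if addr in payload:
            hits.append(f"return_addr:{target}")
    return hits


def severity(hits: list[str]) -> str:
    """Size alone is weak evidence; a byte-level indicator raises confidence."""
    byte_level = [h for h in hits if h != "oversized_get"]
    if byte_level and "oversized_get" in hits:
        return "high"
    if hits:
        return "medium" if byte_level else "low"
    return "none"


# Constructed samples (inert filler bytes, not captured traffic).
BENIGN = b"GET /index.html HTTP/1.0\r\n\r\n"
LONG_ONLY = b"GET /" + b"A" * 600 + b" HTTP/1.0\r\n\r\n"
FLAGGED = b"GET /" + b"A" * 520 + RETURN_ADDRS["Windows 2000 SP4"] + STACK_ADJUST + b"B" * 40

if __name__ == "__main__":
    for name, sample in [("benign", BENIGN), ("long_only", LONG_ONLY), ("flagged", FLAGGED)]:
        hits = inspect_request(STM_PORT, sample)
        print(f"{name:10s} {severity(hits):6s} {hits}")
```

The four-byte return-address patterns can occur by chance in unrelated binary data, so they are scored here only on traffic to port 3057 and rated highest when the request is also oversized.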
No detection rules found.
Exploit-DB
Borland CaliberRM - StarTeam Multicast Service Buffer Overflow (Metasploit)
exploitdb·2010-06-15
---
```ruby
##
# $Id: borland_starteam.rb 9525 2010-06-15 07:18:08Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Borland CaliberRM StarTeam Multicast Service Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Borland CaliberRM 2006. By sending
a specially crafted GET request to the STMulticastService, an attacker may be
able to execute arbitrary code.
},
'Author' => 'MC',
'Version' => '$Revision: 9525 $',
'References' =>
[
[ 'C
```
Metasploit
Borland CaliberRM StarTeam Multicast Service Buffer Overflow
metasploit
This module exploits a stack buffer overflow in Borland CaliberRM 2006. By sending a specially crafted GET request to the STMulticastService, an attacker may be able to execute arbitrary code.
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=675
- http://secunia.com/advisories/29631
- http://securitytracker.com/id?1019786
- http://www.securityfocus.com/bid/28602
- http://www.vupen.com/english/advisories/2008/1100
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41647

Published: 2008-04-06