CVE-2008-1491
Published: 2008-03-25
Priority: P2 · 72 · critical · 10 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 70.13% (99.3th percentile)
Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in ASUS Remote Console (aka ARC or ASMB3) 2.0.0.19 and 2.0.0.24 allows remote attackers to execute arbitrary code via a long string to TCP port 623.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| asus | remote_console | — | — |
| asus | remote_console | — | — |
Detection & IOCs (extracted from sources)
bytes:
\x89\xe6\xdb\xdd\xd9\x76\xf4\x5e\x56\x59\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43\x37\x51\x5a\x6a\x41
- The Metasploit module sends a sploit buffer of ~6032+ bytes to TCP/623; a single TCP segment or session with payload length significantly exceeding normal IPMI/RMCP traffic on port 623 is suspicious.
- SEH-based exploitation: look for the p/p/r gadget address 0x0040273b appearing in network traffic to TCP/623 as a 4-byte little-endian sequence (\x3b\x27\x40\x00).
- The exploit targets DpcProxy.exe (ASUS ASMB3/ARC Remote Console); presence of this process listening on TCP/623 on a Windows host indicates an attack surface for CVE-2008-1491.
- The Metasploit module targets only version 2.0.0.19 with a universal return address; the exploit-db PoC also targets 2.0.0.16. Version 2.0.0.24 is stated as vulnerable in the NVD, but the specific return address/offset may differ.
- Payload space is constrained to 400 bytes in the Metasploit module; staged or larger payloads will not fit without modification.
- EXITFUNC is set to 'process' in the Metasploit module (not 'seh' as in the standalone PoC), meaning successful exploitation terminates the DpcProxy process.
No detection rules found.
Exploit-DB
Asus Dpcproxy - Remote Buffer Overflow (Metasploit)
exploitdb·2010-06-22
---
##
# $Id: asus_dpcproxy_overflow.rb 9583 2010-06-22 19:11:05Z todb $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Asus Dpcproxy Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Asus Dpcroxy version 2.0.0.19.
It should be vulnerable until version 2.0.0.24.
Credit to Luigi Auriemma
},
'Author' => 'Jacopo Cervini',
'Version' => '$Revision: 9583 $',
'References' =>
[
[ 'CVE', '2008-1491' ],
[ 'OSVDB', '43638' ],
[ 'BID', '28394' ],
],
'DefaultOption
Exploit-DB
ASUS DPC Proxy 2.0.0.16/19 - Remote Buffer Overflow
exploitdb·2008-05-29
---
/* Dreatica-FXP crew
*
* ----------------------------------------
* Target : ASUS DPC Proxy 2.0.0.16/2.0.0.24
* ----------------------------------------
* Exploit : ASUS DPC Proxy 2.0.0.16/2.0.0.19 Remote Buffer Overflow Exploit
* Exploit date : 02.04.2008
* Exploit writer : Heretic2 ([email protected])
* OS : Windows ALL
* Crew : Dreatica-FXP
* Location : http://www.milw0rm.com/
* ----------------------------------------
 * Info : Sending long buffer (however the buffer should be sent in chunks)
 * we obtain a SEH exploitation; due to server byte restrictions I decided
 * to use alphanumeric shellcodes and jumps here.
* ----------------------------------------
* Thanks to:
* 1. Luigi Auriemma ( http://aluigi.org )
* 2. The Metasploit p
Metasploit
Asus Dpcproxy Buffer Overflow
metasploit
This module exploits a stack buffer overflow in Asus Dpcroxy version 2.0.0.19. It should be vulnerable until version 2.0.0.24. Credit to Luigi Auriemma
No writeups or analysis indexed.
- http://aluigi.altervista.org/adv/asuxdpc-adv.txt
- http://secunia.com/advisories/29402
- http://securityreason.com/securityalert/3771
- http://www.securityfocus.com/archive/1/489966/100/0/threaded
- http://www.securityfocus.com/bid/28394
- http://www.vupen.com/english/advisories/2008/0982/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41358
- https://www.exploit-db.com/exploits/5694
Published: 2008-03-25