CVE-2008-5159
Published 2008-11-18
Priority P3 54 · critical · 10 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 59.67% (99.0th percentile)
Integer overflow in the remote administration protocol processing in Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to cause a denial of service (crash) via a large string length argument, which triggers memory corruption.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clientsoftware | wincome_mpd_total | <= 3.0.2.623 | — |
Detection & IOCs (extracted from sources)
bytes
\x65\x00\x00\x00\x00\x00\x00\x04\x00\x00\xFF\x1F
- Monitor for oversized authentication packets sent to TCP port 13500 (WinComLPD remote administration service); the exploit header begins with the fixed byte sequence \x65\x00\x00\x00\x00\x00\x00\x04\x00\x00\xFF\x1F followed by a large NOP sled and shellcode.
- Alert on any TCP connection to port 13500 carrying a payload larger than ~872 bytes, which matches the exploit buffer size used to trigger the stack overflow.
- The vulnerability is triggered by a large string length argument in the remote administration protocol; detect integer overflow conditions by monitoring for abnormally large length field values in packets destined for port 13500.
- The return address 0x0047d7a7 is hardcoded for WinComLPD 3.0.2.623 only; the exploit will not work as-is against other versions, though other versions may still be vulnerable.
- Bad characters \x00 and \x0a are filtered from the payload; detection signatures must account for the fact that these bytes will not appear in the shellcode portion of the exploit buffer.
- Payload space is limited to 600 bytes; shellcode exceeding this size cannot be delivered via this exploit path.
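The header and size indicators above, applied to a reassembled client-to-server flow rather than to single packets (an added example, not taken from the advisory or the exploit module). The function name, verdict labels and sample payloads are constructed; the port, header bytes and the approximate 872-byte threshold are the values listed above.

```python
"""Triage client-to-server data sent to the WinComLPD administration port."""

ADMIN_PORT = 13500  # remote administration service port (from the page)
KNOWN_HEADER = b"\x65\x00\x00\x00\x00\x00\x00\x04\x00\x00\xff\x1f"  # from the page
MAX_EXPECTED = 872  # approximate size threshold (from the page)


def classify(dst_port, segments):
    """Return (verdict, signals) for one flow.

    segments: TCP payloads in arrival order. They are joined before any
    check, because a per-packet size test misses a buffer that the sender
    or the network split across several segments.
    """
    if dst_port != ADMIN_PORT:
        return "ignored", []
    stream = b"".join(segments)
    signals = []
    if stream.startswith(KNOWN_HEADER):
        signals.append("known-header")
    if len(stream) > MAX_EXPECTED:
        signals.append("oversized")
    # Both indicators together are high confidence; either one alone
    # is worth an analyst's look but can occur in other traffic.
    if len(signals) == 2:
        return "alert", signals
    return ("review" if signals else "ok"), signals


# Constructed sample flows (filler bytes only, no real payload).
SAMPLES = {
    "benign": (13500, [b"\x01\x00status"]),
    "split-oversized": (13500, [KNOWN_HEADER + b"A" * 500, b"A" * 500]),
    "header-only": (13500, [KNOWN_HEADER + b"A" * 20]),
    "big-no-header": (13500, [b"B" * 2000]),
    "other-port": (515, [KNOWN_HEADER + b"A" * 2000]),
}

if __name__ == "__main__":
    for name, (port, segs) in SAMPLES.items():
        print(name, classify(port, segs))
```

In the "split-oversized" sample neither segment exceeds the threshold on its own; only the joined stream does.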
No detection rules found.
Exploit-DB
WinComLPD 3.0.2 - Remote Buffer Overflow (Metasploit)
exploitdb·2010-06-22
---
##
# $Id: wincomlpd_admin.rb 9583 2010-06-22 19:11:05Z todb $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'WinComLPD %q{
This module exploits a stack buffer overflow in WinComLPD 'MC',
'License' => MSF_LICENSE,
'Version' => '$Revision: 9583 $',
'References' =>
[
['CVE', '2008-5159'],
['OSVDB', '42861'],
['BID', '27614'],
],
'DefaultOptions' =>
{
'EXITFUNC' => 'thread',
},
'Payload' =>
{
'Space' => 600,
'BadChars' => "\x00\x0a",
'StackAdjustment' => -3500,
},
'Platform' => 'win',
'
Exploit-DB
WinComLPD Total 3.0.2.623 - Remote Buffer Overflow / Authentication Bypass
exploitdb·2008-02-04
---
source: https://www.securityfocus.com/bid/27614/info
WinComLPD Total is prone to multiple vulnerabilities, including buffer-overflow vulnerabilities and an authentication-bypass vulnerability.
Successfully exploiting these issues will allow an attacker to perform unauthorized actions or execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely crash the application.
These issues affect WinComLPD Total 3.0.2.623; other versions may also be vulnerable.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/31106.zip
Metasploit
WinComLPD Buffer Overflow
metasploit
This module exploits a stack buffer overflow in WinComLPD <= 3.0.2. By sending an overly long authentication packet to the remote administration service, an attacker may be able to execute arbitrary code.
No writeups or analysis indexed.
- http://aluigi.org/adv/wincomalpd-adv.txt
- http://aluigi.org/poc/wincomalpd.zip
- http://secunia.com/advisories/28763
- http://securityreason.com/securityalert/4610
- http://www.securityfocus.com/archive/1/487507/100/200/threaded
- http://www.securityfocus.com/bid/27614
- http://www.vupen.com/english/advisories/2008/0410