CVE-2010-3000
Published 2010-08-30
Priority P3 56 · critical · CVSS 2.0 score 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Exploit: public (Exploit-DB entry below)
EPSS 7.50% (93.7th percentile)
Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.
Affected (11 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer_sp | — | — |
| realnetworks | realplayer_sp | — | — |
| realnetworks | realplayer_sp | — | — |
| realnetworks | realplayer_sp | — | — |
| realnetworks | realplayer_sp | — | — |
| realnetworks | realplayer_sp | — | — |
| realnetworks | realplayer_sp | — | — |
| realnetworks | realplayer_sp | — | — |
| realnetworks | realplayer_sp | — | — |
Detection & IOCs (extracted from sources)

Bytes: `07 50 75 08`

Snort rule:

```
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET WEB_CLIENT RealPlayer FLV Parsing Integer Overflow Attempt"; flow:established,to_client; content:"FLV"; nocase; depth:300; content:"onMetaData"; nocase; distance:0; content:"|07 50 75 08|"; within:100; reference:url,service.real.com/realplayer/security/08262010_player/en/; reference:url,www.exploit-db.com/moaub-13-realplayer-flv-parsing-multiple-integer-overflow/; reference:bugtraq,42775; reference:cve,2010-3000; classtype:attempted-user; sid:2011485; rev:2; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2010_09_28, cve CVE_2010_3000, deployment Perimeter, confidence Medium, signature_severity Major, tag Web_Client_Attacks, updated_at 2019_07_26;)
```

- Trigger condition: an FLV file ("FLV" within the first 300 bytes) containing 'onMetaData' followed within 100 bytes by the byte sequence 07 50 75 08, delivered over HTTP to a client. This is characteristic of the integer overflow trigger in ParseKnownType: the sequence is the big-endian encoding of 0x07507508, the same value the Exploit-DB PoC excerpt on this page uses to produce the crash.
- Detection should focus on network traffic from $EXTERNAL_NET on HTTP ports delivering FLV content to client endpoints (flow: established, to_client).
- The Snort/ET rule targets HTTP delivery only (TCP $HTTP_PORTS); FLV files delivered via other protocols (e.g., RTSP, local file) would not be caught by this signature, and the fixed byte pattern matches only this exact element count.
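The bullets above describe the rule's match constraints (FLV signature within 300 bytes, then `onMetaData`, then the IOC bytes within 100 bytes) and note that the signature only sees HTTP traffic. The following is an added example, not code from the page, from Emerging Threats or from RealNetworks: it mirrors those constraints in Python so the same check can run on FLV files at rest (mail attachments, shares, sandbox drops), and adds a heuristic that reads the AMF0 ECMA-array element count declared after `onMetaData` and flags implausibly large counts rather than only the one byte pattern. The sample buffers are constructed, and the `SUSPICIOUS_COUNT` threshold is an assumption, not a value from the rule or advisory.

```python
"""Scan FLV bytes for the CVE-2010-3000 trigger described by ET sid:2011485.

Added example: mirrors the Snort rule's content/depth/within constraints and
adds an element-count heuristic. Sample inputs below are constructed.
"""

# Byte sequence from the ET/Snort rule: big-endian 0x07507508.
IOC_BYTES = b"\x07\x50\x75\x08"
# Rule constraints: "FLV" within the first 300 bytes (depth:300), "onMetaData"
# after it (distance:0), IOC bytes inside the next 100 bytes (within:100).
FLV_DEPTH = 300
IOC_WITHIN = 100
# Assumed threshold for the heuristic check (not from the rule or advisory).
SUSPICIOUS_COUNT = 0x10000

# FLV spec, AMF0: string marker 0x02, u16 length (10), "onMetaData",
# then ECMA-array marker 0x08 and a u32 big-endian element count.
META_NAME = b"\x02\x00\x0aonMetaData"
ECMA_ARRAY_MARKER = 0x08


def matches_et_rule(payload: bytes) -> bool:
    """Return True when the buffer satisfies the content matches of sid:2011485."""
    lowered = payload.lower()  # nocase; lower() keeps byte offsets unchanged
    flv_at = lowered[:FLV_DEPTH].find(b"flv")
    if flv_at < 0:
        return False
    meta_at = lowered.find(b"onmetadata", flv_at + 3)
    if meta_at < 0:
        return False
    window_start = meta_at + len(b"onMetaData")
    window = payload[window_start:window_start + IOC_WITHIN]
    return IOC_BYTES in window


def metadata_array_count(payload: bytes):
    """Return the declared element count of the onMetaData ECMA array, or None
    when the expected AMF0 layout is not present."""
    at = payload.find(META_NAME)
    if at < 0:
        return None
    pos = at + len(META_NAME)
    if len(payload) < pos + 5 or payload[pos] != ECMA_ARRAY_MARKER:
        return None
    return int.from_bytes(payload[pos + 1:pos + 5], "big")


def scan(payload: bytes) -> dict:
    """Combine the exact-pattern match with the count heuristic."""
    count = metadata_array_count(payload)
    return {
        "et_rule_match": matches_et_rule(payload),
        "metadata_array_count": count,
        "implausible_count": count is not None and count > SUSPICIOUS_COUNT,
    }


# Constructed samples: 9-byte FLV header + PreviousTagSize0, then a script tag.
FLV_HEADER = b"FLV\x01\x05\x00\x00\x00\x09" + b"\x00\x00\x00\x00"
SCRIPT_TAG = b"\x12\x00\x00\x40\x00\x00\x00\x00\x00\x00\x00"  # type 18, sizes constructed
# Ordinary metadata: two entries, starting with "duration" as an AMF0 number.
BENIGN = (FLV_HEADER + SCRIPT_TAG + META_NAME + b"\x08" + b"\x00\x00\x00\x02"
          + b"\x00\x08duration\x00" + b"\x40\x24\x00\x00\x00\x00\x00\x00")
# Count field carrying the value from the rule.
POC_LIKE = FLV_HEADER + SCRIPT_TAG + META_NAME + b"\x08" + IOC_BYTES + b"\x00\x00\x09"
# IOC bytes present but beyond the 100-byte window: the rule does not fire.
FAR_AWAY = (FLV_HEADER + SCRIPT_TAG + META_NAME + b"\x08" + b"\x00\x00\x00\x01"
            + b"\x00" * 120 + IOC_BYTES)
# Not an FLV container at all.
NOT_FLV = b"RIFF" + b"\x00" * 40 + b"onMetaData" + IOC_BYTES

if __name__ == "__main__":
    for label, sample in [("benign", BENIGN), ("poc_like", POC_LIKE),
                          ("far_away", FAR_AWAY), ("not_flv", NOT_FLV)]:
        print(label, scan(sample))
```

The `FAR_AWAY` sample shows why `within:100` matters: the same four bytes later in the file do not satisfy the rule, so a file-scanning port of the signature should keep the window rather than searching the whole buffer. The count heuristic is what catches a file whose declared count differs from the one in the PoC; tune `SUSPICIOUS_COUNT` to the largest `onMetaData` array seen in your own media corpus.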
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vendor_cisco | — | 10.0 | CRITICAL | — |
GHSA
GHSA-f25h-xfh5-gjqp: Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11 (ghsa_unreviewed · 2022-05-14 · CVE-2010-3000 [HIGH])
Description as in the CVE text above.
Cisco
Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability (vendor_cisco · 2010-07-07 · CVSS 10.0 · CVE-2010-1574 [CRITICAL] · CWE-287)
Cisco Industrial Ethernet 3000 (IE 3000) Series switches running Cisco IOS® Software releases 12.2(52)SE or 12.2(52)SE1 contain a vulnerability where well-known SNMP community names are hard-coded for both read and write access. The hard-coded community names are "public" and "private." Cisco recommends that all administrators deploy the mitigation measures outlined in the Workarounds section or perform a Cisco IOS Software upgrade.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100707-snmp.
Cisco
CVE-2010-1574: Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability (vendor_cisco; same advisory text as the entry above)
CWE: CWE-287
Bug ID: CSCtf25589
Suricata
ET WEB_CLIENT RealPlayer FLV Parsing Integer Overflow Attempt (suricata · 2010-09-28 · CVE-2010-3000)
Rule: sid:2011485, rev:2; the full rule text is the one shown under Detection & IOCs above.
Suricata
Twelve ET WEB_SPECIFIC_APPS rules for PHP JackKnife SQL injection (suricata · 2010-07-30 · CVSS 7.5 · CVE-2007-3000 [HIGH]; indexed alongside this CVE, not rules for CVE-2010-3000)

All twelve share one template and differ only in the script path, parameter, keyword pair, sid, rev and updated_at (the metadata tail is truncated in the source):

```
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PHP JackKnife SQL Injection Attempt -- <script> <param> <keywords>"; flow:established,to_server; http.uri; content:"<script path>?"; nocase; content:"<param>="; nocase; content:"<keyword 1>"; nocase; content:"<keyword 2>"; nocase; distance:0; reference:cve,CVE-2007-3000; reference:url,www.securityfocus.com/bid/24253; classtype:web-application-attack; sid:<sid>; rev:<rev>; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at <date>, mitre_tactic_id TA0001, …
```

| sid | rev | Script path | Parameter | Keywords matched | updated_at |
|---|---|---|---|---|---|
| 2004489 | 9 | /Search/DisplayResults.php | iSearchID | DELETE, FROM | 2020_09_11 |
| 2004484 | 9 | /G_Display.php | iCategoryUnq | ASCII(, SELECT | 2020_09_11 |
| 2004491 | 9 | /Search/DisplayResults.php | iSearchID | UPDATE, SET | 2020_09_11 |
| 2004482 | 9 | /G_Display.php | iCategoryUnq | INSERT, INTO | 2020_09_11 |
| 2004483 | 9 | /G_Display.php | iCategoryUnq | DELETE, FROM | 2020_09_11 |
| 2004490 | 9 | /Search/DisplayResults.php | iSearchID | ASCII(, SELECT | 2020_09_11 |
| 2004485 | 9 | /G_Display.php | iCategoryUnq | UPDATE, SET | 2020_09_11 |
| 2004487 | 9 | /Search/DisplayResults.php | iSearchID | UNION, SELECT | 2020_09_11 |
| 2004480 | 9 | /G_Display.php | iCategoryUnq | SELECT, FROM | 2020_09_11 |
| 2004481 | 8 | /G_Display.php | iCategoryUnq | UNION, then `pcre:"/UNION\s+SELECT/i"` (no second content/distance) | 2020_09_04 |
| 2004486 | 9 | /Search/DisplayResults.php | iSearchID | SELECT, FROM | 2020_09_11 |
| 2004488 | 9 | /Search/DisplayResults.php | iSearchID | INSERT, INTO | 2020_09_11 |
Exploit-DB
RealPlayer - FLV Parsing Integer Overflow (exploitdb · 2010-09-13 · CVSS 9.3 · CVE-2010-3000 [CRITICAL])
---
PoC excerpt as indexed (the source cuts off the banner and the definitions of `flvHeader`, `flvBody1` and `HX_FLV_META_AMF_TYPE_MIXEDARRAY_Value`):

```python
# (comment fragment) = 0x7507508 --> crash
flvBody2 = "\x00\x00\x09\x00\x00\x00\x20"
flv = open('poc.flv', 'wb+')
flv.write(flvHeader)
flv.write(flvBody1)
flv.write(HX_FLV_META_AMF_TYPE_MIXEDARRAY_Value)
flv.write(flvBody2)
flv.close()
print '[-] FLV file generated'

if __name__ == '__main__':
    main()
```
Exploit-DB
Audio Converter 8.1 - Local Stack Buffer Overflow (exploitdb · 2010-06-07 · CVE-2010-2343)
---
```
#***********************************************************************************
# Exploit Title : Audio Converter 8.1 0day Stack Buffer Overflow PoC exploit
# Date : 16/05/2010
# Author : Sud0
# Bug found by : chap0
# Software Link : http://download.cnet.com/Audio-Converter/3000-2140_4-10045287.html
# Version : 8.1
# OS : Windows
# Tested on : XP SP3 En (VirtualBox)
# Type of vuln : SEH
# Thanks to my wife for her support
# Thanks for chap0 for bringing us the game
# Greetz to: Corelan Security Team
# http://www.corelan.be:8800/index.php/security/corelan-team-members/
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Script provided 'as is', without any warranty.
# Use for educational purposes
```
Exploit-DB
Audio Converter 8.1 - Local Stack Buffer Overflow ROP/WPM (exploitdb · 2010-06-07 · CVE-2010-2343)
---
```
#***********************************************************************************
# Exploit Title : Audio Converter 8.1 0day Stack Buffer Overflow PoC exploit ROP/WPM
# Date : 07/06/2010
# Author : Sud0
# Bug found by : chap0
# Software Link : http://download.cnet.com/Audio-Converter/3000-2140_4-10045287.html
# Version : 8.1
# OS : Windows
# Tested on : XP SP3 En (VirtualBox)
# Type of vuln : SEH
# Thanks to my wife for her support
# Thanks for chap0 for bringing us the game
# Greetz to: Corelan Security Team
# mr_me you'r killing the ROP bro :)
# http://www.corelan.be:8800/index.php/security/corelan-team-members/
# Using ROP to bypass DEP protection and call WPM
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
Exploit-DB
Easy CD-DA Recorder 2007 - Local Buffer Overflow (SEH) (exploitdb · 2010-06-07 · CVE-2010-2343)
---
```
# Exploit Title : Easy CD-DA Recorder 2007 SEH Buffer Overflow
# Date : June 7, 2010
# Author : chap0 [http://www.seek-truth.net]
# Software Link : http://download.cnet.com/Easy-CD-DA-Recorder/3000-2646_4-10059726.html
# Tested on : Windows XP SP3 En
# Type of vuln : SEH
# Greetz to : Corelan Security Team
# The Crew : http://www.corelan.be:8800/index.php/security/corelan-team-members/
# Advisory : http://www.corelan.be:8800/advisories.php?id=CORELAN-10-048
# --------------------------------------------------------------------------------------
# Script provided 'as is', without any warranty.
# Use for educational purposes only.
# Do not use this code to do anything illegal !
# Corelan does not want anyone to use this script
# fo
```
Exploit-DB
AOL Instant Messenger 4.0/4.1.2010/4.2.1193 - BuddyIcon Buffer Overflow (exploitdb · 2000-12-12 · CVE-2000-1094)
---
Source: https://www.securityfocus.com/bid/2122/info

AOL Instant Messenger (AIM) is a real-time messaging service for users that are online. When AOL Instant Messenger is installed, by default it configures the system so that the aim: URL protocol connects aim:// URLs to the AIM client. There exists a buffer overflow in parsing aim:// URL parameters.

The buffer overflow has to do with the parsing of parameters associated with the "buddyicon" option. The stack overflow will occur if the "Source" parameter, which arguments the buddyicon option, is more than 3000 characters in length. It may be possible to execute arbitrary code. Since this vulnerability manifests itself in an URL, a user needs only to click on th
No writeups or analysis indexed.
References

- http://secunia.com/advisories/41096
- http://secunia.com/advisories/41154
- http://service.real.com/realplayer/security/08262010_player/en/
- http://www.securityfocus.com/archive/1/513383/100/0/threaded
- http://www.securitytracker.com/id?1024370
- http://www.vupen.com/english/advisories/2010/2216
- http://www.zerodayinitiative.com/advisories/ZDI-10-167
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61423
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6651