CVE-2010-4742
published 2011-02-18

CVE-2010-4742: Stack-based buffer overflow in a certain ActiveX control in MediaDBPlayback.DLL 2.2.0.5 in the Moxa ActiveX SDK allows remote attackers to execute arbitrary…

Priority: P260 critical
CVSS 2.0: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 56.37% (98.9th percentile)
Stack-based buffer overflow in a certain ActiveX control in MediaDBPlayback.DLL 2.2.0.5 in the Moxa ActiveX SDK allows remote attackers to execute arbitrary code via a long PlayFileName property value.

Detection & IOCs (extracted from sources)

filename: MediaDBPlayback.DLL
version: MediaDBPlayback.DLL 2.2.0.5
command: PlayFileName()
  • Detect exploitation attempts targeting the PlayFileName property/method of the MediaDBPlayback ActiveX control with an overly long string argument (stack buffer overflow trigger).
  • The Metasploit exploit uses a heap-spray return address of 0x0a0a0a0a targeting Windows XP SP0-SP3 / Vista with IE 6/7; network or memory forensics should flag this RET value in exploit shellcode context.
  • The exploit payload bad character set is only null bytes (\x00), meaning almost any shellcode encoding is viable; focus detection on the heap-spray NOP sled pattern and unescape() JavaScript patterns in HTML delivered to IE.
  • The exploit generates a malicious HTML file (default name msf.html) containing JavaScript heap spray with unescape() calls; monitor web proxies and email gateways for HTML files instantiating the MediaDBPlayback ActiveX CLSID with large PlayFileName values.
  • EXITFUNC is set to 'process', meaning the shellcode will terminate the hosting process on exit; post-exploitation process termination of iexplore.exe shortly after ActiveX instantiation may indicate successful exploitation.
  • The Metasploit module targets only Windows XP SP0-SP3 and Windows Vista with IE 6.0 SP0-SP2 or IE 7; the hardcoded RET address (0x0a0a0a0a) is specific to this target set and may not apply to other OS/browser combinations.
  • The vulnerable DLL version is specifically 2.2.0.5; detections and mitigations should be scoped to this exact version of MediaDBPlayback.DLL within the Moxa ActiveX SDK.
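
One way to combine the indicators above into a content check for a web proxy or mail gateway, as an added example (not code from the advisory or from the Metasploit module). The 256-character cutoff, the function names and the sample documents are assumptions constructed for illustration, and the CLSID is a placeholder because the page does not give it.

```python
import re

LONG_VALUE = 256  # assumed cutoff; the advisory only says "long"

# PlayFileName set from script (literal or variable) or through a <param> tag.
SET_LITERAL = re.compile(r'PlayFileName\s*=\s*(["\'])(.*?)\1', re.I | re.S)
SET_ANY = re.compile(r'\.PlayFileName\s*=(?!=)', re.I)
SET_PARAM = re.compile(
    r'<param\b[^>]*\bname\s*=\s*["\']?PlayFileName\b[^>]*\bvalue\s*=\s*(["\'])(.*?)\1',
    re.I | re.S)
UNESCAPE = re.compile(r'\bunescape\s*\(', re.I)
# 0x0a0a0a0a as it appears in %u-escaped JavaScript strings.
SPRAY_RET = re.compile(r'(?:%u0a0a){2,}', re.I)


def indicators(html):
    """Return the set of indicator names found in one HTML document."""
    found = set()
    values = [m.group(2) for m in SET_LITERAL.finditer(html)]
    values += [m.group(2) for m in SET_PARAM.finditer(html)]
    if values or SET_ANY.search(html):
        found.add("playfilename_set")
    if any(len(v) >= LONG_VALUE for v in values):
        found.add("long_literal")
    if UNESCAPE.search(html):
        found.add("unescape")
    if SPRAY_RET.search(html):
        found.add("ret_0a0a0a0a")
    return found


def is_suspicious(html):
    """Alert only when the property is touched and a second signal is present."""
    found = indicators(html)
    return "playfilename_set" in found and len(found) >= 2


# Constructed, inert samples; the CLSID is a placeholder (not given on the page).
OBJ = '<object classid="clsid:PLACEHOLDER" id="ctl"></object>'
SAMPLE_SPRAY = OBJ + '<script>var s = unescape("%u0a0a%u0a0a"); ctl.PlayFileName = s;</script>'
SAMPLE_LONG = OBJ + '<param name="PlayFileName" value="' + "A" * 300 + '">'
SAMPLE_BENIGN = OBJ + '<script>ctl.PlayFileName = "clip01.avi";</script>'

if __name__ == "__main__":
    for name in ("SAMPLE_SPRAY", "SAMPLE_LONG", "SAMPLE_BENIGN"):
        doc = globals()[name]
        print(name, is_suspicious(doc), sorted(indicators(doc)))
```

Requiring a second signal keeps pages that legitimately set PlayFileName to a short file name from alerting, and it still catches the case where the long value is built in a script variable rather than written as a literal.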