CVE-2010-4742
Published 2011-02-18
Priority: P2 60 | critical | 10 (CVSS 2.0)
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 56.37% (98.9th percentile)
Stack-based buffer overflow in a certain ActiveX control in MediaDBPlayback.DLL 2.2.0.5 in the Moxa ActiveX SDK allows remote attackers to execute arbitrary code via a long PlayFileName property value.
Detection & IOCs (extracted from sources)
- Detect exploitation attempts targeting the PlayFileName property/method of the MediaDBPlayback ActiveX control with an overly long string argument (stack buffer overflow trigger).
- The Metasploit exploit uses a heap-spray return address of 0x0a0a0a0a targeting Windows XP SP0-SP3 / Vista with IE 6/7; network or memory forensics should flag this RET value in exploit shellcode context.
- The exploit payload bad character set is only null bytes (\x00), meaning almost any shellcode encoding is viable; focus detection on the heap-spray NOP sled pattern and unescape() JavaScript patterns in HTML delivered to IE.
- The exploit generates a malicious HTML file (default name msf.html) containing JavaScript heap spray with unescape() calls; monitor web proxies and email gateways for HTML files instantiating the MediaDBPlayback ActiveX CLSID with large PlayFileName values.
- EXITFUNC is set to 'process', meaning the shellcode will terminate the hosting process on exit; post-exploitation process termination of iexplore.exe shortly after ActiveX instantiation may indicate successful exploitation.
- The Metasploit module targets only Windows XP SP0-SP3 and Windows Vista with IE 6.0 SP0-SP2 or IE 7; the hardcoded RET address (0x0a0a0a0a) is specific to this target set and may not apply to other OS/browser combinations.
- The vulnerable DLL version is specifically 2.2.0.5; detections and mitigations should be scoped to this exact version of MediaDBPlayback.DLL within the Moxa ActiveX SDK.
No detection rules found.
Exploit-DB
MOXA MediaDBPlayback - ActiveX Control Buffer Overflow (Metasploit)
exploitdb·2010-11-05
---
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class MetasploitModule 'MOXA MediaDBPlayback ActiveX Control Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in MOXA_ActiveX_SDK. When
sending an overly long string to the PlayFileName() of MediaDBPlayback.DLL (2.2.0.5)
an attacker may be able to execute arbitrary code.
},
'License' => MSF_LICENSE,
'Author' => [ 'MC' ],
'References' =>
[
[ 'CVE', '2010-4742' ],
[ 'OSVDB', '68986'],
[ 'URL', 'http://www.moxa.com' ],
],
'DefaultOptions' =>
{
'EXITFUNC' => 'process',
'DisablePayloadHandler' => 'true',
},
'Payload' =>
{
'Space' =>
Metasploit
MOXA MediaDBPlayback ActiveX Control Buffer Overflow
metasploit
This module exploits a stack buffer overflow in MOXA_ActiveX_SDK. When sending an overly long string to the PlayFileName() of MediaDBPlayback.DLL (2.2.0.5) an attacker may be able to execute arbitrary code.
No writeups or analysis indexed.
- http://reversemode.com/index.php?option=com_content&task=view&id=70&Itemid=1
- http://www.metasploit.com/modules/exploit/windows/fileformat/moxa_mediadbplayback
- http://www.osvdb.org/68986