CVE-2011-5171
Published: 2012-09-15
Priority P266 · critical · CVSS 2.0 base score 9.3
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT: public exploit available (see the Exploit-DB and Metasploit entries below)
EPSS: 45.79% (98.6th percentile)
Multiple stack-based buffer overflows in CyberLink Power2Go 7 (build 196) and 8 (build 1031) allow remote attackers to execute arbitrary code via the (1) src and (2) name parameters in a p2g project file.
Affected (2 ranges; versions taken from the description, no fixed version listed on this page)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cyberlink | power2go | 7 (build 196) | — |
| cyberlink | power2go | 8 (build 1031) | — |
Detection & IOCs (extracted from the sources listed below)
- Detect malformed .p2g project files with an overly long string in the 'name' attribute of the file element; this is the value that overwrites the structured exception handler record.
- Flag .p2g files where the 'src' or 'name' XML attribute values are abnormally long (hundreds of bytes); both parameters are vulnerable to the stack buffer overflow.
- Flag long attribute values made almost entirely of alphanumeric characters: the Metasploit module encodes its payload with x86/unicode_mixed or x86/alpha_mixed (BufferRegister=EAX or EDX), so the shellcode bytes stored in the file are alphanumeric.
- Alert on Power2Go8.exe or WaveEditor.exe spawning child processes shortly after opening a project file; the module's default post-exploitation auto-run is 'migrate -f', which launches a new process and migrates into it.
Caveats:
- The Metasploit module targets only Power2Go 8.x with a hardcoded SEH overwrite RET address; Power2Go 7 (build 196) exploitation requires a different offset/gadget.
- Payload space is limited to 1024 bytes and null bytes are bad characters, constraining shellcode options.
- The PoC was tested on Windows XP SP3 and Windows 7 SP1 only; behavior on other OS versions is unconfirmed.
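The file-based checks above can be turned into a small scanner. The following is an added example written for this page; it is not the PoC, the Metasploit module, or any CyberLink code. It assumes only what the descriptions state (a .p2g project is XML whose `file` elements carry `name` and `src` attributes); the 260-byte threshold, the alphanumeric-ratio heuristic, and the three sample project bodies are constructed for illustration. Because an exploit file may contain raw bytes that an XML parser rejects, the scanner falls back to a regex over the raw bytes when parsing fails, so the long-attribute check still fires.

```python
import re
import xml.etree.ElementTree as ET

# Assumed threshold (not from the page): a legitimate Windows path fits in
# MAX_PATH (260 bytes); the sources describe the trigger as "hundreds of bytes".
MAX_ATTR_LEN = 260
WATCHED_ELEMENT = "file"
WATCHED_ATTRS = ("name", "src")

# Fallback for bodies expat rejects (NUL bytes, invalid UTF-8, raw shellcode):
# pull name="..." / src="..." straight out of the bytes.
_RAW_ATTR_RE = re.compile(rb'\b(name|src)\s*=\s*"([^"]*)"', re.IGNORECASE)


def _alnum_ratio(value: bytes) -> float:
    """Share of ASCII letters/digits; ~1.0 for 'A'*n filler and for
    x86/alpha_mixed- or x86/unicode_mixed-encoded payloads."""
    if not value:
        return 0.0
    return sum(1 for b in value if b < 128 and chr(b).isalnum()) / len(value)


def _extract_attrs(data: bytes):
    """Yield (element, attribute, value_bytes, parsed_as_xml) for watched attrs."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        # Not well-formed: scan the raw bytes instead of giving up.
        for m in _RAW_ATTR_RE.finditer(data):
            yield "?", m.group(1).decode("ascii").lower(), m.group(2), False
        return
    for elem in root.iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # drop any namespace prefix
        if tag.lower() != WATCHED_ELEMENT:
            continue
        for attr in WATCHED_ATTRS:
            val = elem.get(attr)
            if val is not None:
                yield tag, attr, val.encode("utf-8", "surrogateescape"), True


def scan_p2g(data: bytes, max_len: int = MAX_ATTR_LEN) -> list:
    """Return one finding per watched attribute whose value exceeds max_len."""
    findings = []
    for elem, attr, value, parsed in _extract_attrs(data):
        if len(value) <= max_len:
            continue
        findings.append({
            "element": elem,
            "attribute": attr,
            "length": len(value),
            "alnum_ratio": round(_alnum_ratio(value), 3),
            "parsed_as_xml": parsed,
        })
    return findings


def is_suspicious(data: bytes) -> bool:
    return bool(scan_p2g(data))


# Constructed samples (not real Power2Go output): a benign project, a
# well-formed overflow-style body, and one with raw bytes that expat rejects.
BENIGN_P2G = (b'<?xml version="1.0"?><project><file name="holiday.mp4" '
              b'src="C:\\Videos\\holiday.mp4"/></project>')
OVERFLOW_P2G = (b'<?xml version="1.0"?><project><file name="' + b"A" * 600 +
                b'" src="C:\\Videos\\x.mp4"/></project>')
MALFORMED_P2G = (b'<project><file name="' + b"A" * 600 +
                 b'" src="C:\\x.mp4"/>' + b"\x00\xff")  # NUL + invalid UTF-8

if __name__ == "__main__":
    for label, body in (("benign", BENIGN_P2G), ("overflow", OVERFLOW_P2G),
                        ("malformed", MALFORMED_P2G)):
        print(label, scan_p2g(body))
```

The length check is the reliable signal; the alphanumeric ratio only helps triage (a high ratio on a long value is consistent with either plain filler or an alpha_mixed/unicode_mixed payload, and a legitimate long path would contain separators and dots).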
No detection rules found.
Exploit-DB (2012-04-18): CyberLink Power2Go - name Attribute (p2g) Stack Buffer Overflow (Metasploit)
---
```ruby
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::FILEFORMAT
  include Msf::Exploit::Remote::Seh

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'CyberLink Power2Go name attribute (p2g) Stack Buffer Overflow Exploit',
      'Description'    => %q{
          This module exploits a stack buffer overflow in CyberLink Power2Go version 8.x
        The vulnerability is triggered when opening a malformed p2g file containing an overly
        long string in the 'name' attribute of the file element. This results in overwriting a
        structured exception handler record.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
          'modpr0be', # i
```
Exploit-DB (2011-12-09): CyberLink (Multiple Products) - File Project Handling Stack Buffer Overflow (PoC)
---
```python
#!/usr/bin/python
#
# Exploit Title: CyberLink Multiple Products File Project Handling Stack Buffer Overflow POC
# by: modpr0be[at]spentera[dot]com (@modpr0be)
# Platform: Windows
# Tested on: Windows XP SP3, Windows 7 SP1 with:
#   CyberLink Power2Go 7 (build 196)
#   CyberLink Power2Go 8 (build 1031)
#   CyberLink WaveEditor 2.0 (build 2204)
# Software Link: http://www.cyberlink.com/downloads/trials/index_en_US.html
# CVE : -
### Software Description
# CyberLink Power2Go is all-media disc burning software.
# Copy all your media to any disc with Power2Go 8! With new System Recovery tools
# and over 5000 free DVD menus to choose from on DirectorZone.com, Power2Go 8 not
# only burns everything but allows you
```
Metasploit: CyberLink Power2Go name Attribute (p2g) Stack Buffer Overflow Exploit
This module exploits a stack buffer overflow in CyberLink Power2Go version 8.x. The vulnerability is triggered when opening a malformed p2g file containing an overly long string in the 'name' attribute of the file element. This results in overwriting a structured exception handler record.
No writeups or analysis indexed.
References
- http://osvdb.org/77600
- http://secunia.com/advisories/47145
- http://www.exploit-db.com/exploits/18220
- http://www.kb.cert.org/vuls/id/158003
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71723