CVE-2015-1171
Published 2015-08-28
Priority: P2 · 63 · critical
CVSS 2.0: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploit: available
EPSS: 62.66% (99.1 percentile)
Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gsm | sim_card_editor | — | — |
Detection & IOCs (extracted from sources)
- The exploit targets GSM SIM Editor (SIM Card Editor) versions 5.15 and 6.6 on Windows; monitor process creation of the SIM editor application when opening .sms files from untrusted sources.
- Post-exploitation payload is a bind_tcp Meterpreter shell on port 4444; detect unexpected inbound connections on TCP/4444 from the SIM editor process.
- A Metasploit fileformat module exists for this CVE (windows/fileformat/gsm_sim); scan for its use in penetration testing or red-team activity against Windows XP SP2 and Windows 8 64-bit targets.
- The hardcoded return address (B3804200 → 0x004280B3) is specific to the exploit-db PoC build environment; actual exploitation may use a different RET address depending on the target DLL/EXE base address.
- Two shellcode variants are embedded in the PoC: one opens MS Paint (benign demo) and one is a bind_tcp Meterpreter on port 4444; real-world attacks may substitute arbitrary shellcode at the same offset.
- The NVD advisory references version 6.6 while the Metasploit module targets version 5.15; both versions are affected and detections should cover both.
No detection rules found.
Exploit-DB
Sim Editor 6.6 - Local Stack Buffer Overflow (exploitdb · 2015-01-16 · CVSS 10.0 · CRITICAL)
---
#include
#include
#include
#define SIZE 65536
/*
* Title: Sim Editor v6.6 Stack Based Buffer Overflow
* Version: 6.6
* Tested on: Windows XP sp2 en, Windows 8 64-bit
* Date: 16-01-2015
* Author: Osanda Malith Jayathissa
* E-Mail: osanda[cat]unseen.is
* Website: OsandaMalith.wordpress.com
* CVE: CVE-2015-1171
*/
const char shell1[] = "ba516a43ddd9e9d97424f45e33c9b1"
"3231561503561583eefce2a496ab54"
"46672c07cf821d15abc70ca9b88abc"
"42ec3e36263830ff8d1e7f00209ed3"
"c222622e17855be16ac49c1c849475"
"6a3709f22e8428d424b45251fa41e9"
"582bf96612d3712082e25632feadd3"
"81752c32d8761e7ab749ae77c98e09"
"68bce46915c73f13c142ddb382f505"
"454663ce4923e7884db224a36a3fcb"
"63fb7be8a7a7d891fe0d8eaee0ea6f"
"0b6b187b2d36777abf4d3e7cbf4d11"
"158ec6fe620f0d
Metasploit
GSM SIM Editor 5.15 Buffer Overflow
This module exploits a stack-based buffer overflow in GSM SIM Editor 5.15. When a specially crafted .sms file is opened in GSM SIM Editor, a stack-based buffer overflow occurs that allows an attacker to execute arbitrary code.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/129992/simeditor-overflow.txt
https://osandamalith.wordpress.com/2015/01/16/sim-editor-stack-based-buffer-overflow/
https://www.youtube.com/watch?v=tljbFpYtDTk