abcpp abcpp.c 缓冲区溢出漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1108345 漏洞类型 缓冲区溢出
发布时间 2004-12-15 更新时间 2005-01-10
CVE编号 CVE-2004-1259 CNNVD-ID CNNVD-200501-151
漏洞平台 Windows CVSS评分 10.0
|漏洞来源
https://www.exploit-db.com/exploits/25021
https://www.securityfocus.com/bid/82619
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200501-151
|漏洞详情
abcpp是一款ABC音乐文件的预处理器程序。abcpp1.3.0版本中abcpp.c的handle_directive函数存在多个缓冲溢漏洞。远程攻击者可以通过特别构造的ABC文件,利用此漏洞执行任意代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/12021/info

abcpp is prone to a buffer overflow vulnerability. This issue is exposed when the program is used to handle directives in ABC music notation files. Since the ABC files may originate from an external or untrusted source, this issue is considered remote in nature.

Successful exploitation will result in execution of arbitrary code in the context of the user running the application. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/25021.zip
|受影响的产品
abcpp abcpp 1.3.0
|参考资料

来源:XF
名称:abcpp-handledirective-bo(18581)
链接:http://xforce.iss.net/xforce/xfdb/18581
来源:MISC
链接:http://tigger.uic.edu/~jlongs2/holes/abcpp.txt