Sights'n Sound MediaServerListing.exe缓冲区溢出漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1109431 漏洞类型 缓冲区溢出
发布时间 2005-12-12 更新时间 2006-01-19
CVE编号 CVE-2005-4194 CNNVD-ID CNNVD-200512-224
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/26776
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200512-224
|漏洞详情
Sights'nSounds是一款简单易用的流媒体服务器。Sights'nSound的MediaServerListing.exe中存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞在主机上执行任意指令。如果用户能够提供1200个字符长的字符串做为mediaserverlisting.exe的参数的话,就可能允许用户完全入侵远程系统。
|漏洞EXP
source: http://www.securityfocus.com/bid/15809/info

Sights 'n Sounds Streaming Media Server is prone to a buffer overflow vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

Successful exploitation will likely result in a crash of the 'SWS.exe' application, denying service to legitimate users. Arbitrary code execution may also be possible, this may facilitate privilege escalation to SYSTEM level.

Sights 'n Sounds Streaming Media Server version 2.0.3.b is affected. 

http://www.example.com/MediaServerListing.exe?[long_string]
|参考资料

来源:BID
名称:15809
链接:http://www.securityfocus.com/bid/15809
来源:MISC
链接:http://www.ipomonis.com/advisories/sws.txt
来源:VUPEN
名称:ADV-2005-2841
链接:http://www.frsirt.com/english/advisories/2005/2841
来源:SECUNIA
名称:17998
链接:http://secunia.com/advisories/17998