Published: 18/05/2007 Updated: 16/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Stack-based buffer overflow in MagicISO 5.4 build 239 and previous versions allows remote malicious users to execute arbitrary code via a long filename in a .cue file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
magiciso magiciso

#!/usr/bin/env ruby ################################### #Credits to n00b for finding this bug #Magic iso has a stacked based buffer over-flow when #We pass an overly-long file name inside the cue file #We are able to control alot of the registers so #Command execution is possible,But im still learning #Which means this will get released as a do ...

/* -- poc/demo for magiciso exploit, found by n00b -- by: v9@fakehalous -- original email reply comments: I actually looked into this when you posted this on milw0rm I was able to get it to run arbitrary code, however it was so unreliable it wasn't worth me posting however, it was informative you have control of several registers, however ...

NVD-CWE-Other http://secunia.com/advisories/25325 http://www.securityfocus.com/bid/24029 http://osvdb.org/36077 http://www.vupen.com/english/advisories/2007/1865 https://exchange.xforce.ibmcloud.com/vulnerabilities/34346 https://www.exploit-db.com/exploits/3945 http://www.securityfocus.com/archive/1/469302/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/3945/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-2761

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect