Published: 01/02/2008 Updated: 08/08/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Off-by-one error in Steamcast 0.9.75 and previous versions allows remote malicious users to cause a denial of service (daemon crash) or execute arbitrary code via a certain HTTP request that leads to a buffer overflow, as demonstrated by a long User-Agent header.

Vulnerable Product	Search on Vulmon	Subscribe to Product
radio toolbox steamcast

## # $Id: steamcast_useragentrb 9488 2010-06-11 16:12:05Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' c ...

This module exploits a stack buffer overflow in Streamcast <= 0.9.75. By sending an overly long User-Agent in an HTTP GET request, an attacker may be able to execute arbitrary code.

msf > use exploit/windows/http/steamcast_useragent
      msf exploit(steamcast_useragent) > show targets
            ...targets...
      msf exploit(steamcast_useragent) > set TARGET <target-id>
      msf exploit(steamcast_useragent) > show options
            ...show and set options...
      msf exploit(steamcast_useragent) > exploit

CWE-189 http://aluigi.altervista.org/adv/steamcazz-adv.txt http://aluigi.org/poc/steamcazz.zip https://exchange.xforce.ibmcloud.com/vulnerabilities/39928 https://www.securityfocus.com/bid/33898 https://nvd.nist.gov https://www.exploit-db.com/exploits/16800/https://www.rapid7.com/db/modules/exploit/windows/http/steamcast_useragent

CVE-2008-0550

Vulnerability Summary

Exploits

Metasploit Modules

References