Published: 15/07/2008 Updated: 29/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 940

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Stack-based buffer overflow in DAP.exe in Download Accelerator Plus (DAP) 7.0.1.3, 8.6.6.3, and other 8.x versions allows user-assisted remote malicious users to execute arbitrary code via an M3U (.m3u) file containing a long MP3 URL.

Vulnerable Product	Search on Vulmon	Subscribe to Product
speedbit download accelerator plus 7.0.1.3
speedbit download accelerator plus 8
speedbit download accelerator plus 8.6.6.3

#include <stdioh> #include <stdlibh> /* DAP 8x (m3u) File BOF C Exploit for XP SP2,SP3 English SecurityFocus Advisory: Download Accelerator Plus (DAP) is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input Successfully exploiting this issue may allow remote attacke ...

#!/usr/bin/python # Download Accelerator Plus - DAP 8x (m3u) 0day Local Buffer Overflow Exploit # Bug discovered by Krystian Kloskowski (h07) <h07_at_interiapl> # Tested on: Download Accelerator Plus 86 / XP SP2 Polish # Shellcode: Windows Execute Command (calc) # Just for fun ;] ## from struct import pack shellcode = ( "\x6a\x22\x59\xd9 ...

CWE-119 http://www.securityfocus.com/bid/30138 http://secunia.com/advisories/30997 http://securityreason.com/securityalert/3997 http://www.vupen.com/english/advisories/2008/2027/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43674 https://www.exploit-db.com/exploits/6039 https://www.exploit-db.com/exploits/6030 https://nvd.nist.gov https://www.exploit-db.com/exploits/6039/

CVE-2008-3182

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect