Published: 01/04/2009 Updated: 29/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 945

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote malicious users to execute arbitrary code via a script tag with a long defer attribute.

Vulnerable Product	Search on Vulmon	Subscribe to Product
w3 amaya 11.1

<?php /**//* Amaya 111 W3C's editor/browser Stack Owerflow POC Discover by Alfons Luja Thx : OiN select * from friends -- This stUff overwrite SEH in my box XP home sp 2 To correctly overwrite seh you must upload "remote_lovehtml" to remote server Amaya allow only printable shellcode in this case ...

# exploitpy # # Amaya 111 W3C Editor/Browser (defer) Stack Overflow Exploit # By: Encrypt3dM!nd # # Origninal Advisory: # wwwmilw0rmcom/exploits/8314 # # Fully Based on Rob Carter's Exploit # wwwmilw0rmcom/exploits/7988 # # Note:you need to upload Devil_insidehtml to a remote host # Works with windows xp sp2 # # metasploit - ...

#!/usr/bin/python # _ _ _ __ _ _ _ #| || | (_) ___ / \ | |__ | | | #| __ | | | (_-< | () | | / / |_ _| #|_||_| |_| /__/ \__/ |_\_\ |_| # #[+] Bug : Amaya 112 W3C Editor/Browser (defer) Remote BOF Exploit (SEH) #[+] Tested on : Xp sp3 (en) under (vb) #[+] Refer : wwwmilw0rmcom/exploits/8314 #[+] Exploit ...

CWE-119 http://secunia.com/advisories/34531 http://www.securityfocus.com/bid/34295 http://www.vupen.com/english/advisories/2009/0889 https://exchange.xforce.ibmcloud.com/vulnerabilities/47399 https://www.exploit-db.com/exploits/8321 https://www.exploit-db.com/exploits/8314 https://nvd.nist.gov https://www.exploit-db.com/exploits/8314/

CVE-2009-1209

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect