Published: 14/04/2010 Updated: 07/12/2023

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 945

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote malicious users to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft windows 2000
microsoft windows xp
microsoft windows xp -
microsoft windows server 2003
microsoft windows 2003 server
microsoft windows server 2008 -
microsoft windows server 2008
microsoft windows vista
microsoft windows vista -

''' __ __ ____ _ _ ____ | \/ |/ __ \ /\ | | | | _ \ | \ / | | | | / \ | | | | |_) | | |\/| | | | |/ /\ \| | | | _ < | | | | |__| / ____ \ |__| | |_) | |_| |_|\____/_/ \_\____/|____/ wwwexploit-dbcom/moaub-24-microsoft-mpeg-layer-3-audio-decoder-division-by-zero/ githubcom/offensive-s ...

## # $Id: ms10_026_avi_nsamplespersecrb 13555 2011-08-13 02:15:05Z sinn3r $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf ...

''' __ __ ____ _ _ ____ | \/ |/ __ \ /\ | | | | _ \ | \ / | | | | / \ | | | | |_) | | |\/| | | | |/ /\ \| | | | _ < Day 5 (Binary Analysis) | | | | |__| / ____ \ |__| | |_) | |_| |_|\____/_/ \_\____/|____/ wwwexploit-dbcom/moaub-5-microsoft-mpeg-layer-3-audio-stack-based-overflow/ g ...

This Metasploit module exploits a buffer overflow in l3codecxax while processing a AVI files with MPEG Layer-3 audio contents The overflow only allows to overwrite with 0's so the three least significant bytes of EIP saved on stack are overwritten and shellcode is mapped using the NET DLL memory technique pioneered by Alexander Sotirov and Mark ...

Month Of Abysssec Undisclosed Bugs - Microsoft MPEG Layer-3 remote command execution exploit ...

Investigation Report for the September 2014 Equation malware detection incident in the US

Securelist • Kaspersky Lab • 16 Nov 2017

In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. Given that Kaspersky Lab has been at the forefront of fighting cyberespionage and cybercriminal activities on the Internet for over 20 years now, these allegations were treated very seriously. To assist any independent investigators and all the people who have been asking us questions whether those allegations were tr...

CVE-2010-0480

Vulnerability Summary

Vulnerability Trend

Exploits

Recent Articles

References

Vulmon Search

About

Products

Connect