Published: 25/07/2012 Updated: 29/08/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Buffer overflow in the Player in Remote-Anything 5.60.15 allows remote malicious users to execute arbitrary code via a crafted flm file.


#!python # Title: Remote-Anything Player 56015 PoC # Author: Saint Patrick <saintpatrick@l1phtcom> # Date: 4/25/2012 # Just a heads up, you can get full EIP by pushing on # However, at crash time no registers point to buffer, so I chose # instead to work with the 3 byte overwrite shown here This allows # calling of other controllable ...