vendor:
StreamAudio ChainCast ProxyManager
by:
e.b.
5.5
CVSS
MEDIUM
SEH Overwrite
119
CWE
Product Name: StreamAudio ChainCast ProxyManager
Affected Version From: ccpm_0237.dll 3.0.0.237
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Windows XP SP2 (fully patched) with English language and Internet Explorer 6
StreamAudio ChainCast ProxyManager ccpm_0237.dll SEH Overwrite Exploit
This exploit targets the ccpm_0237.dll file in StreamAudio ChainCast ProxyManager. It overwrites the Structured Exception Handling (SEH) to gain control of the application. The exploit includes a shellcode that executes the 'calc.exe' command. The shellcode is limited to about 680 bytes. This exploit has been tested on Windows XP SP2 (fully patched) with English language and Internet Explorer 6. Credit goes to h.d.m. and the Metasploit crew for their contributions.
Mitigation:
To mitigate this vulnerability, it is recommended to update StreamAudio ChainCast ProxyManager to a version that is not affected by this exploit. Additionally, implementing proper input validation and error handling in the application can help prevent SEH overwrite attacks.