vendor:
ALLMediaServer
by:
motaz reda
7.5
CVSS
HIGH
Buffer Overflow
121
CWE
Product Name: ALLMediaServer
Affected Version From: ALLMediaServer 0.8
Affected Version To: ALLMediaServer 0.8
Patch Exists: NO
Related CWE:
CPE: a:allmediaserver:allmediaserver:0.8
Platforms Tested: Windows 7 ultimate
2012
seh exploit, BOF
This exploit takes advantage of a buffer overflow vulnerability in ALLMediaServer 0.8. It allows an attacker to execute arbitrary code by sending a specially crafted payload to the target server. The exploit uses a combination of a short jump (NSEH) and a POP POP RETN (SEH) to bypass stack protection mechanisms and gain control of the program flow. The payload can be replaced with any desired shellcode.
Mitigation:
Upgrade to a patched version of ALLMediaServer that addresses the buffer overflow vulnerability. Apply proper input validation and bounds checking in the affected code.
