Vendor: News Rover
By: Umesh Wanve
CVSS: 7.5 (HIGH)
CWE: 121 (Stack Overflow)
Product Name: News Rover
Affected Version From: News Rover 12.1 Rev 1
Affected Version To: News Rover 12.1 Rev 1
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Windows 2000 SP4 Server English, Windows 2000 SP4 Professional English
2007
News Rover 12.1 Rev 1 Remote Stack Overflow perl exploit
A buffer overflow exists in the Subject parameter of the .nzb file. Passing more than 2022 bytes overwrites the SEH handler. The buffer consists of 2022 bytes of A's, followed by a short jmp to the shellcode, the SEH handler, a NOP sled, and the shellcode.
Mitigation:
Apply the latest patch from the vendor.
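A pre-open check for the condition described above, as an added example that is not part of the original advisory: it scans an .nzb file's raw bytes and flags any subject attribute longer than the 2022-byte offset, never closed, or carrying control bytes. The function name `scan_nzb`, the 512-byte policy limit and the sample files are assumptions made for illustration.

```python
import re

SEH_OFFSET = 2022   # from the advisory: longer Subject data reaches the SEH record
MAX_SUBJECT = 512   # assumed local policy limit, not from the advisory

# Scan raw bytes, not parsed XML: a file carrying binary data in the attribute
# is rarely well-formed, and a strict parser would fail before measuring it.
_SUBJECT_START = re.compile(rb'\bsubject\s*=\s*(["\'])', re.IGNORECASE)
_XML_ILLEGAL = frozenset(range(0x20)) - {0x09, 0x0A, 0x0D}

def scan_nzb(data: bytes) -> list[dict]:
    """Return one finding per suspicious subject attribute in an .nzb file."""
    findings = []
    for m in _SUBJECT_START.finditer(data):
        start = m.end()
        end = data.find(m.group(1), start)   # matching closing quote, if any
        terminated = end != -1
        value = data[start:end] if terminated else data[start:]
        reasons = []
        if len(value) > SEH_OFFSET:
            reasons.append("longer than the 2022-byte overflow offset")
        elif len(value) > MAX_SUBJECT:
            reasons.append("longer than the policy limit")
        if not terminated:
            reasons.append("attribute never closed")
        if _XML_ILLEGAL.intersection(value):
            reasons.append("control bytes not allowed in XML 1.0")
        if reasons:
            findings.append({"offset": start, "length": len(value), "reasons": reasons})
    return findings

# Constructed samples (not taken from the advisory or any real post).
BENIGN = (b'<nzb><file poster="poster@example.invalid" date="1170000000" '
          b'subject="Example post - &quot;file.bin&quot; yEnc (1/10)">'
          b'<groups><group>alt.test</group></groups></file></nzb>')
OVERSIZED = b'<nzb><file subject="' + b"A" * 3000 + b'"></file></nzb>'
UNCLOSED = b'<nzb><file subject="' + b"A" * 2500

if __name__ == "__main__":
    for name, sample in [("benign", BENIGN), ("oversized", OVERSIZED), ("unclosed", UNCLOSED)]:
        print(name, scan_nzb(sample))
```

Running it on downloaded .nzb files before they reach the client lets oversized files be quarantined at a mail or web gateway.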