abcpp abcpp.c 缓冲区溢出漏洞

abcpp abcpp.c 缓冲区溢出漏洞

漏洞ID 1108345 漏洞类型 缓冲区溢出
发布时间 2004-12-15 更新时间 2005-01-10
图片[1]-abcpp abcpp.c 缓冲区溢出漏洞-安全小百科CVE编号 CVE-2004-1259
图片[2]-abcpp abcpp.c 缓冲区溢出漏洞-安全小百科CNNVD-ID CNNVD-200501-151
漏洞平台 Windows CVSS评分 10.0
|漏洞来源
https://www.exploit-db.com/exploits/25021
https://www.securityfocus.com/bid/82619
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200501-151
|漏洞详情
abcpp是一款ABC音乐文件的预处理器程序。abcpp1.3.0版本中abcpp.c的handle_directive函数存在多个缓冲溢漏洞。远程攻击者可以通过特别构造的ABC文件,利用此漏洞执行任意代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/12021/info

abcpp is prone to a buffer overflow vulnerability. This issue is exposed when the program is used to handle directives in ABC music notation files. Since the ABC files may originate from an external or untrusted source, this issue is considered remote in nature.

Successful exploitation will result in execution of arbitrary code in the context of the user running the application. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/25021.zip
|受影响的产品
abcpp abcpp 1.3.0
|参考资料

来源:XF
名称:abcpp-handledirective-bo(18581)
链接:http://xforce.iss.net/xforce/xfdb/18581
来源:MISC
链接:http://tigger.uic.edu/~jlongs2/holes/abcpp.txt

相关推荐: Geeklog 1.3.5 – HTML Attribute Cross-Site Scripting

Geeklog 1.3.5 – HTML Attribute Cross-Site Scripting 漏洞ID 1053604 漏洞类型 发布时间 2002-07-19 更新时间 2002-07-19 CVE编号 N/A CNNVD-ID N/A 漏洞平台 …

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享