abcpp abcpp.c 缓冲区溢出漏洞

23次阅读
没有评论

abcpp abcpp.c 缓冲区溢出漏洞

漏洞ID 1108345 漏洞类型 缓冲区溢出
发布时间 2004-12-15 更新时间 2005-01-10
abcpp abcpp.c 缓冲区溢出漏洞CVE编号 CVE-2004-1259
abcpp abcpp.c 缓冲区溢出漏洞CNNVD-ID CNNVD-200501-151
漏洞平台 Windows CVSS评分 10.0
|漏洞来源
https://www.exploit-db.com/exploits/25021
https://www.securityfocus.com/bid/82619
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200501-151
|漏洞详情
abcpp是一款ABC音乐文件的预处理器程序。abcpp1.3.0版本中abcpp.c的handle_directive函数存在多个缓冲溢漏洞。远程攻击者可以通过特别构造的ABC文件,利用此漏洞执行任意代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/12021/info

abcpp is prone to a buffer overflow vulnerability. This issue is exposed when the program is used to handle directives in ABC music notation files. Since the ABC files may originate from an external or untrusted source, this issue is considered remote in nature.

Successful exploitation will result in execution of arbitrary code in the context of the user running the application. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/25021.zip
|受影响的产品
abcpp abcpp 1.3.0
|参考资料

来源:XF
名称:abcpp-handledirective-bo(18581)
链接:http://xforce.iss.net/xforce/xfdb/18581
来源:MISC
链接:http://tigger.uic.edu/~jlongs2/holes/abcpp.txt

相关推荐: Geeklog 1.3.5 – HTML Attribute Cross-Site Scripting

Geeklog 1.3.5 – HTML Attribute Cross-Site Scripting 漏洞ID 1053604 漏洞类型 发布时间 2002-07-19 更新时间 2002-07-19 CVE编号 N/A CNNVD-ID N/A 漏洞平台 …

正文完
 0