CVE-2009-1642 – ASX to MP3 Converter 3.0.0.100 - Local Stack Overflow (PoC)

https://notcve.org/view.php?id=CVE-2009-1642

Multiple stack-based buffer overflows in Mini-stream ASX to MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file. NOTE: the latter was also subsequently reported in "prior to 3.1.3.7." Múltiples desbordamientos de búfer basado en pila en Mini-stream ASX to MP3 Converter 3.0.0.7 permiten que atacantes remotos ejecuten código arbitrario mediante (1) una URL rtsp larga en un archivo .ram y (2) una cadena larga en el atributo HREF de un elemento REF en un archivo .asx. NOTA: sobre este último también se informó en "anteriores a la 3.1.3.7". • https://www.exploit-db.com/exploits/11930 https://www.exploit-db.com/exploits/11958 https://www.exploit-db.com/exploits/8630 https://www.exploit-db.com/exploits/8629 https://www.exploit-db.com/exploits/18781 https://www.exploit-db.com/exploits/11957 http://www.securityfocus.com/bid/34860 http://www.securityfocus.com/bid/34864 https://exchange.xforce.ibmcloud.com/vulnerabilities/50374 https://packetstormsecurity.com/files/144558/ASX-To-MP3-Converter-Stack-Overflow.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •