- 34,599
- 0
- 18 Дек 2022
- EDB-ID
- 25015
- Проверка EDB
-
- Пройдено
- Автор
- QIAO ZHANG
- Тип уязвимости
- REMOTE
- Платформа
- LINUX
- CVE
- cve-2004-1292
- Дата публикации
- 2004-12-15
Код:
source: https://www.securityfocus.com/bid/12010/info
Ringtone Tools is reported prone to a remote buffer overflow vulnerability. This issue arises because the application fails to carry out proper boundary checks before copying user-supplied data in to sensitive process buffers. It is reported that this issue can allow an attacker to gain unauthorized access to a computer in the context of the application.
An attacker can exploit this issue by crafting a malicious eMelody file that contains excessive string data, replacement memory addresses, and executable instructions to trigger this issue.
If a user obtains this file and processes it through the application, the attacker-supplied instructions may be executed on the vulnerable computer. It is reported that successful exploitation may result in a compromise in the context of the application.
Ringtone Tools version 2.22 is reported prone to this vulnerability. It is likely that other versions are affected as well.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/25015.zip- Источник
- www.exploit-db.com
