module
ALLMediaServer 0.8 Buffer Overflow
| Disclosed | Created |
|---|---|
| 2012-07-04 | 2018-05-30 |
Disclosed
2012-07-04
Created
2018-05-30
Description
This module exploits a stack buffer overflow in ALLMediaServer 0.8. The vulnerability
is caused due to a boundary error within the handling of HTTP request.
While the exploit supports DEP bypass via ROP, on Windows 7 the stack pivoting isn't
reliable across virtual (VMWare, VirtualBox) and physical environments. Because of
this the module isn't using DEP bypass on the Windows 7 SP1 target, where by default
DEP is OptIn and AllMediaServer won't run with DEP.
is caused due to a boundary error within the handling of HTTP request.
While the exploit supports DEP bypass via ROP, on Windows 7 the stack pivoting isn't
reliable across virtual (VMWare, VirtualBox) and physical environments. Because of
this the module isn't using DEP bypass on the Windows 7 SP1 target, where by default
DEP is OptIn and AllMediaServer won't run with DEP.
Authors
motaz reda motazkhodair@gmail.com
modpr0be tom@spentera.com
juan vazquez juan.vazquez@metasploit.com
modpr0be tom@spentera.com
juan vazquez juan.vazquez@metasploit.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.