module
ALLMediaServer 0.8 Buffer Overflow
Disclosed | Created |
---|---|
Jul 4, 2012 | May 30, 2018 |
Disclosed
Jul 4, 2012
Created
May 30, 2018
Description
This module exploits a stack buffer overflow in ALLMediaServer 0.8. The vulnerability
is caused due to a boundary error within the handling of HTTP request.
While the exploit supports DEP bypass via ROP, on Windows 7 the stack pivoting isn't
reliable across virtual (VMWare, VirtualBox) and physical environments. Because of
this the module isn't using DEP bypass on the Windows 7 SP1 target, where by default
DEP is OptIn and AllMediaServer won't run with DEP.
is caused due to a boundary error within the handling of HTTP request.
While the exploit supports DEP bypass via ROP, on Windows 7 the stack pivoting isn't
reliable across virtual (VMWare, VirtualBox) and physical environments. Because of
this the module isn't using DEP bypass on the Windows 7 SP1 target, where by default
DEP is OptIn and AllMediaServer won't run with DEP.
Authors
motaz reda motazkhodair@gmail.com
modpr0be tom@spentera.com
juan vazquez juan.vazquez@metasploit.com
modpr0be tom@spentera.com
juan vazquez juan.vazquez@metasploit.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.