Magic ISO Maker Cue File Stack Buffer Overflow Vulnerability
BID:24029
Info
Magic ISO Maker Cue File Stack Buffer Overflow Vulnerability
| Bugtraq ID: | 24029 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-2761 |
| Remote: | Yes |
| Local: | No |
| Published: | May 17 2007 12:00AM |
| Updated: | May 07 2015 05:39PM |
| Credit: | n00b is credited with the discovery of this issue. |
| Vulnerable: |
Magic ISO MagicISO 5.4(build 239) |
| Not Vulnerable: | |
Discussion
Magic ISO Maker Cue File Stack Buffer Overflow Vulnerability
Magic ISO Maker is prone to a remote stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
Successful exploits may allow attackers to execute arbitrary code with the privileges of the affected library. Failed exploit attempts will likely result in denial-of-service conditions.
Magic ISO Maker 5.4(build239) is vulnerable; other versions may also be affected.
Magic ISO Maker is prone to a remote stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
Successful exploits may allow attackers to execute arbitrary code with the privileges of the affected library. Failed exploit attempts will likely result in denial-of-service conditions.
Magic ISO Maker 5.4(build239) is vulnerable; other versions may also be affected.
Exploit / POC
Magic ISO Maker Cue File Stack Buffer Overflow Vulnerability
To exploit this issue, an attacker must entice an unsuspecting victim to use the affected application to open a specially crafted CUE file.
The following proof of concept and exploit are available:
To exploit this issue, an attacker must entice an unsuspecting victim to use the affected application to open a specially crafted CUE file.
The following proof of concept and exploit are available:
Solution / Fix
Magic ISO Maker Cue File Stack Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Magic ISO Maker Cue File Stack Buffer Overflow Vulnerability
References:
References:
- MagicISO Homepage (MagicISO)