Vulnerability Details : CVE-2015-1171
Public exploit exists!
Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2015-1171
Probability of exploitation activity in the next 30 days: 67.23%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2015-1171
-
GSM SIM Editor 5.15 Buffer Overflow
Disclosure Date: 2010-07-07First seen: 2020-04-26exploit/windows/fileformat/gsm_simThis module exploits a stack-based buffer overflow in GSM SIM Editor 5.15. When opening a specially crafted .sms file in GSM SIM Editor a stack-based buffer overflow occurs which allows an attacker to execute arbitrary code. Authors: - Ruben Alejandro - chap0 <c
CVSS scores for CVE-2015-1171
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2015-1171
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-1171
-
https://osandamalith.wordpress.com/2015/01/16/sim-editor-stack-based-buffer-overflow/
Exploit
-
http://packetstormsecurity.com/files/129992/simeditor-overflow.txt
Sim Editor 6.6 Buffer Overflow ≈ Packet StormExploit
-
https://www.youtube.com/watch?v=tljbFpYtDTk
Sim Editor 6.6 Buffer Overflow CVE-2015-1171 - YouTubeExploit
Products affected by CVE-2015-1171
- cpe:2.3:a:gsm:sim_card_editor:6.6:*:*:*:*:*:*:*