Vulnerability Details: CVE-2011-1574
Public exploit exists!
Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in libmodplug before 0.8.8.2 allows remote attackers to execute arbitrary code via a crafted S3M file.
Vulnerability category: Overflow, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2011-1574
Probability of exploitation activity in the next 30 days: 31.18%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 %
Metasploit modules for CVE-2011-1574
- VideoLAN VLC ModPlug ReadS3M Stack Buffer Overflow
  Disclosure Date: 2011-04-07
  First seen: 2020-04-26
  exploit/windows/fileformat/vlc_modplug_s3m
  This module exploits an input validation error in libmod_plugin as included with VideoLAN VLC 1.1.8. All versions prior to version 1.1.9 are affected. By creating a malicious S3M file, a remote attacker could execute arbitrary code. Although other products
CVSS scores for CVE-2011-1574
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST |
CWE ids for CVE-2011-1574
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1574
- http://www.gentoo.org/security/en/glsa/glsa-201203-16.xml
  ModPlug: User-assisted execution of arbitrary code (GLSA 201203-16) — Gentoo security
- http://securityreason.com/securityalert/8243
  VideoLAN VLC ModPlug ReadS3M Stack Buffer Overflow - CXSecurity.com
- http://modplug-xmms.git.sourceforge.net/git/gitweb.cgi?p=modplug-xmms/modplug-xmms%3Ba=commit%3Bh=aecef259828a89bb00c2e6f78e89de7363b2237b
  ModPlug for XMMS / Git tools
- http://www.debian.org/security/2011/dsa-2226
  Debian -- Security Information -- DSA-2226-1 libmodplug
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622091
  #622091 - libmodplug ReadS3M stack overflow - Debian Bug report logs
  Tags: Patch
- https://www.sec-consult.com/files/20110407-0_libmodplug_stackoverflow.txt
  Page not found | SEC Consult
  Tags: Exploit
- http://securitytracker.com/id?1025480
  GStreamer Stack Overflow (libmodplug) in Processing S3M Files Lets Remote Users Execute Arbitrary Code - SecurityTracker
- https://www.ubuntu.com/usn/USN-1148-1/
  USN-1148-1: libmodplug vulnerabilities | Ubuntu security notices
- http://openwall.com/lists/oss-security/2011/04/11/6
  oss-security - CVE request for libmodplug
  Tags: Exploit; Patch
- https://bugzilla.redhat.com/show_bug.cgi?id=695420
  695420 – (CVE-2011-1574) CVE-2011-1574 libmodplug: ReadS3M stack overflow vulnerability
  Tags: Exploit; Patch
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:085
  mandriva.com
- https://rhn.redhat.com/errata/RHSA-2011-0477.html
  RHSA-2011:0477 - Security Advisory - Red Hat Customer Portal
- http://openwall.com/lists/oss-security/2011/04/11/13
  oss-security - Re: CVE request for libmodplug
  Tags: Exploit; Patch
Products affected by CVE-2011-1574
- cpe:2.3:a:konstanty_bialkowski:libmodplug:*:*:*:*:*:*:*:*
- cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:konstanty_bialkowski:libmodplug:0.8.6:*:*:*:*:*:*:*