Vulnerability Details : CVE-2017-8869
Public exploit exists!
Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to execute arbitrary code via a crafted .m3u file.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2017-8869
Probability of exploitation activity in the next 30 days: 17.08%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2017-8869
-
MediaCoder .M3U Buffer Overflow
Disclosure Date: 2013-06-24First seen: 2020-04-26exploit/windows/fileformat/mediacoder_m3uThis module exploits a buffer overflow in MediaCoder 0.8.22. The vulnerability occurs when adding an .m3u, allowing arbitrary code execution under the context of the user. DEP bypass via ROP is supported on Windows 7, since the MediaCoder runs with DEP. This module
CVSS scores for CVE-2017-8869
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2017-8869
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-8869
-
https://www.exploit-db.com/exploits/42384/
404 Page Not Found | Exploit DatabaseThird Party Advisory;VDB Entry
Products affected by CVE-2017-8869
- cpe:2.3:a:mediacoder:mediacoder:0.8.48.5888:*:*:*:*:*:*:*