CVE-2006-3668

Dynamic Universal Music Bibliotheque < 0.9.3 - Heap-Based Buffer Overflow via IT File Envelope Nodes


Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3668. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary: This exploit demonstrates a heap overflow vulnerability in DUMB <= 0.9.3 by crafting a malicious .IT file that triggers a buffer overflow in the it_read_envelope function. The PoC creates an oversized pitch_envelope structure to overflow the IT_INSTRUMENT structure.

Description

Heap-based buffer overflow in the it_read_envelope function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and current CVS as of 20060716, including libdumb, allows user-assisted attackers to execute arbitrary code via a ".it" (Impulse Tracker) file with an envelope with a large number of nodes.
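The missing check behind this class of bug, shown as an added example (not DUMB's code and not the upstream patch): an envelope reader that validates the file-supplied node count against the fixed capacity of the destination arrays before copying. The struct, the field names, the 25-node capacity and the on-disk layout used here are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ENV_MAX_NODES 25  /* assumed fixed capacity of the in-memory envelope */

/* Hypothetical in-memory envelope; names are illustrative, not DUMB's. */
typedef struct {
    uint8_t  flags, n_nodes;
    int8_t   node_y[ENV_MAX_NODES];
    uint16_t node_t[ENV_MAX_NODES];
} envelope_t;

/* Assumed layout: flags(1) count(1) then count * { y(1), tick(2, little-endian) }.
 * Returns 0 on success, -1 if the count exceeds capacity or the input is short. */
int read_envelope_checked(const uint8_t *buf, size_t len, envelope_t *env)
{
    if (len < 2)
        return -1;
    uint8_t count = buf[1];
    /* The count is file-controlled (0..255) while the destination arrays hold
     * only ENV_MAX_NODES entries; without this test the loop writes past them. */
    if (count > ENV_MAX_NODES)
        return -1;
    /* Also require that the input really contains that many nodes. */
    if (len - 2 < (size_t)count * 3)
        return -1;
    memset(env, 0, sizeof *env);
    env->flags = buf[0];
    env->n_nodes = count;
    for (size_t i = 0; i < count; i++) {
        const uint8_t *p = buf + 2 + i * 3;
        env->node_y[i] = (int8_t)p[0];
        env->node_t[i] = (uint16_t)(p[1] | (p[2] << 8));
    }
    return 0;
}

/* Constructed sample input: an envelope record that declares `count` nodes. */
size_t make_sample(uint8_t *out, size_t cap, uint8_t count)
{
    size_t need = 2 + (size_t)count * 3;
    if (need > cap)
        return 0;
    memset(out, 0, need);
    out[0] = 1;
    out[1] = count;
    for (size_t i = 0; i < count; i++) {
        out[2 + i * 3] = (uint8_t)i;        /* y value */
        out[3 + i * 3] = (uint8_t)(i * 4);  /* tick, low byte */
    }
    return need;
}
```

Rejecting the record is the strictest policy; a player that prefers to keep loading could clamp the count to the capacity instead, as long as it still skips the remaining bytes of the record.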

Exploits (1)

exploitdb WORKING POC VERIFIED
by Luigi Auriemma · c · dos · windows
https://www.exploit-db.com/exploits/2037


Classification: Working PoC 100%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: DUMB <= 0.9.3 (CVS 16 Jul 2006)
No auth needed
Prerequisites: Ability to deliver a malicious .IT file to the target
devstral-2 · analyzed Feb 16, 2026

References (10)

Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1123
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21092
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1240
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200608-14.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21184
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19025
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21416
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2835
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27789

Scores

EPSS: 0.0994
EPSS Percentile: 95.0%

Details

CWE: CWE-119
Status: published
Products (1): dynamic_universal_music_bibliotheque/dumb < 0.9.3
Published: Jul 18, 2006
Tracked Since: Feb 18, 2026