CVE-2006-7157

Google Earth 4.0.2091 - Denial of Service via Long href Element in KML/KMZ File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-7157. PoCs published by JAAScois.

AI-analyzed exploit summary This exploit generates malformed KML files with excessively long buffers to trigger a buffer overflow in Google Earth v4.0.2091(beta). The PoC creates two files: one with NOP sleds (0x90) and another with 'A' characters (0x41) to demonstrate the vulnerability.

Description

Buffer overflow in Google Earth v4.0.2091 (beta) allows remote user-assisted attackers to cause a denial of service (crash) via a KML or KMZ file with a long href element.

Exploits (1)

exploitdb WORKING POC VERIFIED

by JAAScois · cdoswindows

https://www.exploit-db.com/exploits/28785

View Code ZIP pw:eip

This exploit generates malformed KML files with excessively long buffers to trigger a buffer overflow in Google Earth v4.0.2091(beta). The PoC creates two files: one with NOP sleds (0x90) and another with 'A' characters (0x41) to demonstrate the vulnerability.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Google Earth v4.0.2091(beta)

No auth needed

Prerequisites: Victim must open the malformed KML file in Google Earth

MITRE ATT&CK