CVE-2007-2938

Ademco ATNBaseLoader100 <5.4.0.6 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2938. PoCs published by rgod.

AI-analyzed exploit summary This is a working proof-of-concept exploit for a buffer overflow vulnerability in the Ademco ATNBaseLoader100 ActiveX control. It leverages the Send485CMD method to overwrite EIP and execute arbitrary shellcode, specifically adding a new administrator user.

Description

Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2) SetLoginID, (3) AddSite, (4) SetScreen, and (5) SetVideoServer methods.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · htmlremotewindows

https://www.exploit-db.com/exploits/3993

View Code ZIP pw:eip

This is a working proof-of-concept exploit for a buffer overflow vulnerability in the Ademco ATNBaseLoader100 ActiveX control. It leverages the Send485CMD method to overwrite EIP and execute arbitrary shellcode, specifically adding a new administrator user.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Ademco ATNBaseLoader100 Module ATNBaseLoader100.dll (5.4.0.6)

No auth needed

Prerequisites: Victim must be using IE 6 on Windows XP SP2 · Ademco ATNBaseLoader100 ActiveX control must be installed

MITRE ATT&CK