CVE-2008-0248

StreamAudio ChainCast ProxyManager ActiveX Control - Buffer Overflow via InternalTuneIn Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0248. PoCs published by Elazar.

AI-analyzed exploit summary This exploit targets a SEH overwrite vulnerability in StreamAudio ChainCast ProxyManager (ccpm_0237.dll) via a crafted HTML file. It uses a Metasploit-generated shellcode to execute arbitrary commands (e.g., calc.exe) on Windows XP SP2 with IE6.

Description

Buffer overflow in an ActiveX control in ccpm_0237.dll for StreamAudio ChainCast ProxyManager allows remote attackers to execute arbitrary code via a long URL argument to the InternalTuneIn method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Elazar · htmlremotewindows

https://www.exploit-db.com/exploits/4894

View Code ZIP pw:eip

This exploit targets a SEH overwrite vulnerability in StreamAudio ChainCast ProxyManager (ccpm_0237.dll) via a crafted HTML file. It uses a Metasploit-generated shellcode to execute arbitrary commands (e.g., calc.exe) on Windows XP SP2 with IE6.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: StreamAudio ChainCast ProxyManager ccpm_0237.dll 3.0.0.237

No auth needed

Prerequisites: Victim must open the malicious HTML file in Internet Explorer 6 · Target system must have the vulnerable ccpm_0237.dll installed

MITRE ATT&CK