CVE-2008-3480

Anzio WePO <3.2.19-3.2.24 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3480. PoCs published by Core Security.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow in the Anzio Web Print Object ActiveX component via a long 'mainurl' parameter, allowing arbitrary code execution through SEH overwrite and heap spraying. The PoC generates an HTML file that triggers the vulnerability to launch the Windows Calculator.

Description

Stack-based buffer overflow in the Anzio Web Print Object (WePO) ActiveX control 3.2.19 and 3.2.24, as used in Anzio Print Wizard, allows remote attackers to execute arbitrary code via a long mainurl parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · textremotewindows

https://www.exploit-db.com/exploits/6278

View Code ZIP pw:eip

This exploit demonstrates a buffer overflow in the Anzio Web Print Object ActiveX component via a long 'mainurl' parameter, allowing arbitrary code execution through SEH overwrite and heap spraying. The PoC generates an HTML file that triggers the vulnerability to launch the Windows Calculator.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Anzio Web Print Object 3.2.19, 3.2.24

No auth needed

Prerequisites: Victim must have vulnerable Anzio Web Print Object installed · Victim must visit a malicious webpage hosting the exploit

MITRE ATT&CK