CVE-2008-4470

Numark CUE 5.0 rev2 - Stack-based Buffer Overflow via M3U Playlist Absolute Pathname

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4470. PoCs published by fl0 fl0w.

AI-analyzed exploit summary This is a functional exploit for a stack-based buffer overflow in Numark Cue 5.0 rev 2, triggered via a maliciously crafted .M3U file. The exploit overwrites the return address with a hardcoded EIP (0x7C8369F0) and executes shellcode to launch calc.exe.

Description

Stack-based buffer overflow in Numark CUE 5.0 rev2 allows user-assisted attackers to cause a denial of service (application crash) or execute arbitrary code via an M3U playlist file that contains a long absolute pathname.

Exploits (1)

exploitdb WORKING POC VERIFIED

by fl0 fl0w · c++localwindows

https://www.exploit-db.com/exploits/6389

View Code ZIP pw:eip

This is a functional exploit for a stack-based buffer overflow in Numark Cue 5.0 rev 2, triggered via a maliciously crafted .M3U file. The exploit overwrites the return address with a hardcoded EIP (0x7C8369F0) and executes shellcode to launch calc.exe.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Numark Cue 5.0 rev 2

No auth needed

Prerequisites: Victim must open the malicious .M3U file with Numark Cue 5.0 rev 2

MITRE ATT&CK