CVE-2008-6953

ooVoo 1.7.1.35 - Buffer Overflow via Long oovoo: URI

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6953. PoCs published by Nine:Situations:Group.

AI-analyzed exploit summary This PHP script generates an HTML file with a malicious ooVoo URL protocol link that triggers a unicode buffer overflow in ooVoo 1.7.1.35 when clicked. The PoC demonstrates a remote code execution vulnerability via a crafted URL.

Description

Buffer overflow in oovoo.exe in ooVoo 1.7.1.35, and possibly other versions before 1.7.1.59, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long oovoo: URI.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nine:Situations:Group · textdoswindows

https://www.exploit-db.com/exploits/7090

View Code ZIP pw:eip

This PHP script generates an HTML file with a malicious ooVoo URL protocol link that triggers a unicode buffer overflow in ooVoo 1.7.1.35 when clicked. The PoC demonstrates a remote code execution vulnerability via a crafted URL.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: ooVoo 1.7.1.35

No auth needed

Prerequisites: Victim must click the malicious link in a browser · ooVoo 1.7.1.35 must be installed

MITRE ATT&CK