CVE-2011-4620

PLIB 1.8.5 - Buffer Overflow in ulSetError Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4620. PoCs published by Andrés Gómez.

AI-analyzed exploit summary: This exploit generates a malformed ACC file for TORCS 1.3.1, triggering a buffer overflow via a crafted MATERIAL field containing NOP sleds and shellcode. The shellcode binds a TCP shell on port 4444, achieving remote code execution when the file is loaded.

Description

Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB 1.8.5, as used in TORCS 1.3.1 and other products, allows user-assisted remote attackers to execute arbitrary code via vectors involving a long error message, as demonstrated by a crafted acc file for TORCS. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Andrés Gómez · clocalwindows
https://www.exploit-db.com/exploits/18258


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: TORCS 1.3.1
No auth needed
Prerequisites: Ability to place a malicious ACC file in TORCS' data directory · Victim must load the malicious file in TORCS
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Third Party Advisory (type: third-party-advisory; source: secunia): http://secunia.com/advisories/51340
Third Party Advisory, Vendor Advisory (type: third-party-advisory; source: secunia): http://secunia.com/advisories/47297
Exploit, Third Party Advisory (type: exploit; source: exploit-db): http://www.exploit-db.com/exploits/18258/
Third Party Advisory (type: vendor-advisory; source: gentoo): https://security.gentoo.org/glsa/201606-16
Third Party Advisory, VDB Entry (type: vdb-entry; source: osvdb): http://osvdb.org/77973
Third Party Advisory (type: vendor-advisory; source: suse): http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00013.html
Mailing List (type: mailing-list; source: mlist): http://openwall.com/lists/oss-security/2011/12/21/2
Third Party Advisory (type: vendor-advisory; source: suse): http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00015.html

Scores

EPSS 0.1280
EPSS Percentile 95.8%

Details

CWE: CWE-119
Status: published
Products (1): steve_j_baker/plib 1.8.5
Published: Dec 31, 2011
Tracked Since: Feb 18, 2026