CVE-2017-17968
CRITICAL
NetTransport Download Manager < 2.96l - Remote Code Execution via Long HTTP Response
Title source: llm
Exploitation Summary
EIP tracks 2 public exploits for CVE-2017-17968.
PoCs published by Aloyce J. Makalanga, Lincoln, dookie, including Metasploit module exploits/windows/misc/nettransport.
AI-analyzed exploit summary: This exploit demonstrates a buffer overflow in NetTransport Download Manager 2.96L, leveraging a ROP chain to bypass DEP and execute arbitrary shellcode (calc.exe) via a malicious HTTP response header.
Description
A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response.
Exploits (2)
This exploit demonstrates a buffer overflow in NetTransport Download Manager 2.96L, leveraging a ROP chain to bypass DEP and execute arbitrary shellcode (calc.exe) via a malicious HTTP response header.
This Metasploit module exploits a stack buffer overflow in NetTransport Download Manager 2.90.510 via a crafted packet sent to port 22222. It uses an egghunter and SEH overwrite to achieve remote code execution.
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H