This module exploits a vulnerability in Download Accelerator Plus when importing a M3U file (MP3 Playlist) and verify option is used, may allow a remote unprivileged user who provides a crafted M3U document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running Download Accelerator Plus. This can be exploited to cause a stack based buffer overflow when a specially crafted file is imported and the verify button is used in DAP. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
CVE Link
Exploit Platform
Exploit Type
Product Name