This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing XBMC. A boundary error within the websHomePageHandler() function can be exploited to cause a stack-based buffer overflow by sending a specially crafted GET HTTP request with an overly long path to the web server.
The internal stack may be overrun while handling either "XMD5", "XSHA1" or "XCRC" commands with an overly long filename. This condition can be exploited by attackers to ultimately execute instructions with the privileges of the WS_FTP process, typically administrator or system. Exploitation requires valid or anonymous FTP server credentials. The WS_FTP server will remain active after a successful exploitation.
Exploits a condition where a remote user can arbitrary control the pointer to the association contained in a "Association Delete Message". This condition is abused to corrupt a function pointer in the application and install an agent. At the same time, another option of the protocol is used to populate the heap with executable code and increase the success possibilities.
Subscribe to Windows