Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
Free MP3 CD Ripper 2.8 - Stack Buffer Overflow (SEH + Egghunter)
Free MP3 CD Ripper 2.8 contains a stack buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting a malicious WAV file with oversized payload. Attackers can leverage a specially crafted exploit file with shellcode, SEH bypass, and egghunter technique to achieve remote code execution on vulnerable Windows systems.CVE Informations
Related Weaknesses
| Weakness Name | Source | |
|---|---|---|
| Stack-based Buffer Overflow A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
References
https://www.vulncheck.com/advisories/free-mp-cd-ripper-stack-buffer-overflow-seh-egghunter
Tags : third-party-advisory
Tags : third-party-advisory
