Common Vulnerability Exercise – 20 picoctf writeup 2014


This disc is encrypted. The surprisingly elaborate password hint refers to “the CVE Identifier for a 2014 vulnerability that allowed arbitrary code execution in Firefox via a buffer overflow in a speech codec”. If you found this “CVE-ID” thingy, it’d probably be the password.


You can search CVEs at Mitre. Google is pretty good at searching things too 😉

Searching in the Mitre for 2014 and firefox you get very few result back and finding one which has something to do with the buffer overflow 😀


So here is our flag


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s