Common Vulnerability Exercise – 20 picoctf writeup 2014

cev-20

This disc is encrypted. The surprisingly elaborate password hint refers to “the CVE Identifier for a 2014 vulnerability that allowed arbitrary code execution in Firefox via a buffer overflow in a speech codec”. If you found this “CVE-ID” thingy, it’d probably be the password.

cev-20_hint

You can search CVEs at Mitre. Google is pretty good at searching things too 😉

Searching in the Mitre for 2014 and firefox you get very few result back and finding one which has something to do with the buffer overflow 😀

cev_ans

So here is our flag

CVE-2014-1542
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s