PoC Buffer Overflow exploitation in the British Airways Entertainment System
Updated on 06/03/2019
I have created a blog post providing further details to clarify CVE-2019-9019.
This CVE is getting a lot of attention and "fake news" are exaggerating this for their own benefit. No, I did not attack the system. I was curious about the USB port socket and its purpose and I found a weakness accidentally.
This was published without putting too much effort into the details about what and how this happened. However, since this is getting a lot of attention, I decided to write a blog post to clarify it.
From the beginning, the intention was to keep this issue from going unnoticed, that's all, because I really think this should be addressed and I am supporting stakeholders on this.
Please read http://hmarco.org/bugs/CVE-2019-9019/CVE-2019-9019-British-Airways-Entertainment-System.html before you start to make wrong judgements using incomplete information about what and how this happened (video included).
I do not think I am the first person in the world to know about this issue, but I know that now this has a much better chance of being fixed.