header-logo
Suggest Exploit
vendor:
AoA Audio Extractor
by:
Unknown
9,3
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: AoA Audio Extractor
Affected Version From: 1.0.0.1
Affected Version To: 1.0.0.1
Patch Exists: Yes
Related CWE: CVE-2009-0478
CPE: a:aoamedia:aoa_audio_extractor
Metasploit: https://www.rapid7.com/db/vulnerabilities/freebsd-vid-9c2460a4-f6b1-11dd-94d9-0030843d3802/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2009-0478/https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-0478/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009

Dr_IDE-AoA-JIT.rar

This exploit is a buffer overflow vulnerability in Dr.IDE AoA Audio Extractor. It allows an attacker to execute arbitrary code on the vulnerable system by sending a specially crafted file to the application. The vulnerability is caused due to a boundary error when handling the file name. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted file with an overly long file name.

Mitigation:

The vendor has released a patch to address this vulnerability.
Source

Exploit-DB raw data:

Tested on my XPSP3+IE7+/nx=AlwaysOn, should work on Windows 7 with 
the proper return value.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/14599.rar (Dr_IDE-AoA-JIT.rar)

Navigation

Suggest Exploit

Services By CQR