Vendor: Music Tag Editor
By: Gjoko 'LiquidWorm' Krstic
CVSS: 9.3 (HIGH)
CWE: 119 (Buffer Overflow)
Product Name: Music Tag Editor
Affected Version From: 1.61 build 212
Affected Version To: 1.61 build 212
Patch Exists: YES
Related CVE: CVE-2009-2490
CPE: a:assistanttools:music_tag_editor
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Microsoft Windows XP Professional SP3
Year: 2009

Music Tag Editor 1.61 build 212 Remote Buffer Overflow PoC

A buffer overflow vulnerability in Music Tag Editor 1.61 build 212 allows remote attackers to execute arbitrary code via a crafted MP3 file. The overflow is triggered when the victim opens the crafted file in Music Tag Editor 1.61 build 212, at which point the attacker can execute arbitrary code on the victim's system.

Mitigation:

Upgrade to the latest version of Music Tag Editor; version 1.61 build 212 is affected.

Exploit-DB raw data:

==

* Music Tag Editor 1.61 build 212 Remote Buffer Overflow PoC *

Product: http://www.assistanttools.com/products/tag_editors/music_tag_editor/index.shtml
Tested On Microsoft Windows XP Professional SP3 (English)

Vulnerability Discovered By Gjoko 'LiquidWorm' Krstic
liquidworm gmail com
Zero Science Lab - http://www.zeroscience.org/
15.07.2009

==

(8bc.86c): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00410041 ebx=00000000 ecx=0010fa80 edx=00410041 esi=001e5fb0 edi=000fd060
eip=cccccccc esp=000fcfa0 ebp=000fcff8 iopl=0         nv up ei pl nz ac po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010212
cccccccc ?? 

==

*** Proof Of Concept: http://zeroscience.org/codes/aimp2_evil.mp3   http://www.zeroscience.mk/old/codes/aimp2_evil.mp3
		      https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/8837.mp3 (2009-aimp2_evil.mp3)

** Note: The same PoC used in:
- http://secunia.com/advisories/35305/
- http://secunia.com/advisories/35295/

EOF

# milw0rm.com [2009-07-16]