I’ve found a local stack buffer overflow vulnerability in “Free WMA MP3 Converter” version 1.5 which could lead to a remote shell when using the proper shellcode. This exploit is slightly different compared to the others out there: It’s for the newest version and works on Windows XP and Windows 7 x86 and x64 🙂

Read full advisory and PoC

[IA2] Free WMA MP3 Converter v1.5 (.wav) Local Buffer Overflow Vulnerability *updated*
Tagged on:         

2 thoughts on “[IA2] Free WMA MP3 Converter v1.5 (.wav) Local Buffer Overflow Vulnerability *updated*

  • February 20, 2012 at 3:14 am


    I did a rework of the POC, feel free to check it out. I think your listing to many badchars not sure why. Also i was wondering, i didn’t spend that much time on the exploit but superficially i only got shellcode of the instant type to run (msgbox, cmd, adduser,…) any ideas about that?


    Friendly greetings,


    • February 20, 2012 at 8:11 pm

      Hi b33f,

      first of all thanks for your verification!

      I just had a look at my PoC again, and verified that it’s working with only evading two bad chars “\x00\x0a” instead of 7, but I cannot remember anymore why I’ve been using these. Anyways…smaller shellcode saves space…

      I also tried to inject shellcode which opens up a (reverse) shell and can verify that this is not working for some reason…still investigating…let me know if you find a solution for this



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.