I’ve found a local stack buffer overflow vulnerability in “Free WMA MP3 Converter” version 1.5 which could lead to a remote shell when using the proper shellcode. This exploit is slightly different compared to the others out there: It’s for the newest version and works on Windows XP and Windows 7 x86 and x64 🙂

Read full advisory and PoC

[IA2] Free WMA MP3 Converter v1.5 (.wav) Local Buffer Overflow Vulnerability *updated*
Tagged on:         

2 thoughts on “[IA2] Free WMA MP3 Converter v1.5 (.wav) Local Buffer Overflow Vulnerability *updated*

  • February 20, 2012 at 3:14 am
    Permalink

    Hi,

    I did a rework of the POC, feel free to check it out. I think your listing to many badchars not sure why. Also i was wondering, i didn’t spend that much time on the exploit but superficially i only got shellcode of the instant type to run (msgbox, cmd, adduser,…) any ideas about that?

    http://www.fuzzysecurity.com/exploits/5.html

    Friendly greetings,

    b33f

    Reply
    • February 20, 2012 at 8:11 pm
      Permalink

      Hi b33f,

      first of all thanks for your verification!

      I just had a look at my PoC again, and verified that it’s working with only evading two bad chars “\x00\x0a” instead of 7, but I cannot remember anymore why I’ve been using these. Anyways…smaller shellcode saves space…

      I also tried to inject shellcode which opens up a (reverse) shell and can verify that this is not working for some reason…still investigating…let me know if you find a solution for this

      Regards,
      Julien

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.