Julien Ahrens === @MrTuxracer

Vulnerability Intel | ROP Gadget Hunter | Privacy Enthusiast | Full-time BugBounty hunter | @Hacker0x01 MVH | @SynackRedTeam member | on a world-trip

Free WMA MP3 Converter v1.6 still vulnerable

21 Apr 2012 » Advisory

Just a short notice as an addendum to IA2:

A new version (1.6) of the “Free WMA MP3 Converter” by eusing.com has been released which is still vulnerable to the same issue like all versions before. The interesting part here ? Well I’ve noticed the developer about the issue in v1.5 and got an answer from them too, but the answer itself wasn’t very eligible at all. I wanted to help fixing the issue but didn’t get any further answers until today :-(. Is that the correct way in dealing with security issues ? Answer this question by yourself.

Anyways, you can use exactly the same script to exploit the issue.