Just a short notice as an addendum to IA2:
A new version (1.6) of the “Free WMA MP3 Converter” by eusing.com has been released which is still vulnerable to the same issue like all versions before. The interesting part here ? Well I’ve noticed the developer about the issue in v1.5 and got an answer from them too, but the answer itself wasn’t very eligible at all. I wanted to help fixing the issue but didn’t get any further answers until today :-(. Is that the correct way in dealing with security issues ? Answer this question by yourself.
Anyways, you can use exactly the same script to exploit the issue.