14 July, 2009

Music Tag Editor 1.61 build 212 Remote Buffer Overflow PoC

==

* Music Tag Editor 1.61 build 212 Remote Buffer Overflow PoC *

Product: http://www.assistanttools.com/products/tag_editors/music_tag_editor/index.shtml
Tested On Microsoft Windows XP Professional SP3 (English)

Vulnerability Discovered By Gjoko 'LiquidWorm' Krstic
liquidworm gmail com
Zero Science Lab - http://www.zeroscience.org/
15.07.2009

==

(8bc.86c): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00410041 ebx=00000000 ecx=0010fa80 edx=00410041 esi=001e5fb0 edi=000fd060
eip=cccccccc esp=000fcfa0 ebp=000fcff8 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010212
cccccccc ??

==

*** Proof Of Concept: http://zeroscience.org/codes/aimp2_evil.mp3
http://milw0rm.com/sploits/2009-aimp2_evil.mp3

** Note: The same PoC used in:
- http://secunia.com/advisories/35305/
- http://secunia.com/advisories/35295/

EOF





http://www.zeroscience.org/codes.html

No comments: