I’ve found a local stack buffer overflow vulnerability in “Free WMA MP3 Converter” version 1.5 which could lead to a remote shell when using the proper shellcode. This exploit is slightly different compared to the others out there: It’s for the newest version and works on Windows XP and Windows 7 x86 and x64 🙂
[IA2] Free WMA MP3 Converter v1.5 (.wav) Local Buffer Overflow Vulnerability Details ============= Product: Free WMA MP3 Converter v1.5 Severity: Medium Exploit-Type: Local Vendor-URL: http://www.eusing.com Advisory-Status: published References: - Contact: info[a.t]inshell[d.o.t]net Credits ============= Discovered by: Julien Ahrens Affected Products: ============= Free WMA MP3 Converter v1.5 Tested on: ============= Windows XP SP3 Professional German Windows 7 SP1 Home Premium German Description ============= Free WMA MP3 Converter is an free WMA to MP3 converter which helps you convert WMA to MP3, MP3 to WMA, WAV to MP3, WAV to WMA, MP3 to WAV, WMA to WAV etc. Free WMA MP3 Converter provides optimized default settings. No more thinking but just a click to start WMA to MP3 conversion with the MP3 converter! Timeline ================ 2012-01-21: Vendor Notification 2012-01-28: Vendor Notification #2 2012-01-28: Vendor Response/Feedback