
Monday, August 22, 2016

[FD] AVS Audio Converter 8.2.1 - Buffer Overflow Vulnerability

Document Title:
===============
AVS Audio Converter 8.2.1 - Buffer Overflow Vulnerability

References (Source):
====================
http://ift.tt/2bXq9ze

Release Date:
=============
2016-08-22

Vulnerability Laboratory ID (VL-ID):
====================================
1920

Common Vulnerability Scoring System:
====================================
6.3

Product & Service Introduction:
===============================
AVS Audio Editor is an audio file editor whose primary function is editing audio files. It can cut, join, combine or split audio files. All of these operations are done with great precision, to the hundredth of a second. You can work with files in .wav, MP3, PCM, M4A, FLAC and many other formats.

(Copy of the Vendor Homepage: http://ift.tt/1PtCHJ5 )

Abstract Advisory Information:
==============================
An independent Vulnerability Laboratory researcher discovered a local buffer overflow vulnerability in the AVS Audio Converter 8.2.1 software.

Vulnerability Disclosure Timeline:
==================================
2016-08-22: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================
AVS4YOU
Product: AVS Audio Converter - Software 8.2.1

Exploitation Technique:
=======================
Local

Severity Level:
===============
High

Technical Details & Description:
================================
A buffer overflow vulnerability has been discovered in the official AVS Audio Converter V8.2.1 software. The vulnerability allows local attackers to overwrite registers and compromise the local software process.

The issue is a classic buffer overflow in the AVS Audio Converter. A large Unicode string supplied as input overwrites the EIP register of the process, so an attacker can choose the address of the next instruction to be executed. Attackers can, for example, execute arbitrary code with the privileges of the process. Finally, the attacker is able to take over the process by crashing the active program process and thereby compromise the computer system.

Proof of Concept (PoC):
=======================
The buffer overflow vulnerability can be exploited by local attackers with a restricted system user account and without user interaction. For a security demonstration, or to reproduce the vulnerability, follow the information and steps below.

Manual steps to reproduce the vulnerability ...
1. Download and install AVS Audio Converter.exe
2. Run the code below with perl (perl script)
3. A file (poc.txt) will be created
4. Open the generated file (poc.txt)
5. Start the AVS Audio Converter software
6. Attach a debugger like WinDbg, Immunity Debugger or OllyDbg
7. Load the path location by software interaction, or copy and paste the file contents AAAAAAAAA+... as input to the Output Folder
8. Click the Browse function for the path
9. The software will crash with an unhandled exception and a critical access violation
10. Watch the debugger logs where EIP is overwritten
11. Interact to manipulate the follow-up address
12. Successful reproduction of the local buffer overflow vulnerability!

PoC: Exploitation (Perl)

#!/usr/bin/perl
use strict;
use warnings;

# Build a 9000-byte string of 'A' (0x41) characters.
my $Buff = "\x41" x 9000;

# Write the string to poc.txt (append mode, as in the original PoC).
open(my $fh, '>>', 'poc.txt') or die "Cannot open poc.txt: $!";
print $fh $Buff;
close($fh);

print "Local BOF PoC by ZwX\n";
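The bug class behind this advisory, shown as an added illustration that is neither the advisory's PoC nor AVS code: a fixed-size path buffer filled by an unbounded copy, next to a hardened form that measures the input first and refuses anything that does not fit. The buffer size (260, a MAX_PATH-sized stack buffer), the function names and the 'A'-filled test inputs are assumptions chosen to mirror the PoC; the unsafe variant is included only for comparison and is never called with oversized input.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fixed-size buffer for an output-folder path (assumption:
 * a MAX_PATH-sized stack buffer, chosen for illustration; not AVS code). */
#define PATH_BUF_LEN 260

/* Vulnerable pattern: copies the user-supplied path without checking its
 * length. Any input of PATH_BUF_LEN or more bytes overruns 'folder' on the
 * stack, which is the kind of failure the advisory describes. It exists here
 * only for comparison and is never called with oversized input. */
int set_output_folder_unsafe(const char *user_path)
{
    char folder[PATH_BUF_LEN];
    strcpy(folder, user_path);          /* unbounded copy */
    return (int)strlen(folder);
}

/* Hardened form: measure first, refuse anything that does not fit together
 * with its terminator, then copy exactly that many bytes. Returns the path
 * length on success or -1 when the input is rejected. */
int set_output_folder_safe(const char *user_path, char *out, size_t out_len)
{
    if (user_path == NULL || out == NULL || out_len == 0)
        return -1;
    size_t n = strlen(user_path);
    if (n >= out_len)
        return -1;                      /* reject rather than truncate silently */
    memcpy(out, user_path, n + 1);      /* n bytes plus the NUL terminator */
    return (int)n;
}

/* Convenience wrapper with a local buffer: 1 if the path was accepted,
 * 0 if it was rejected. */
int check_output_folder(const char *user_path)
{
    char folder[PATH_BUF_LEN];
    return set_output_folder_safe(user_path, folder, sizeof folder) >= 0;
}

/* Builds the same kind of input the advisory's PoC writes to poc.txt: 'A'
 * repeated 'count' times (constructed test data). Returns 1 if the hardened
 * setter rejects it, 0 if it accepts it, -1 on allocation failure. */
int long_input_is_rejected(size_t count)
{
    char *s = malloc(count + 1);
    if (s == NULL)
        return -1;
    memset(s, 'A', count);
    s[count] = '\0';
    int rejected = !check_output_folder(s);
    free(s);
    return rejected;
}

int main(void)
{
    printf("short path accepted:     %d\n", check_output_folder("C:\\Users\\Public\\Music"));
    printf("259 'A' bytes rejected:  %d\n", long_input_is_rejected(259));
    printf("260 'A' bytes rejected:  %d\n", long_input_is_rejected(260));
    printf("9000 'A' bytes rejected: %d\n", long_input_is_rejected(9000));
    return 0;
}
```

The boundary matters: 259 bytes still fit with the terminator and are accepted, while 260 bytes (and the PoC's 9000) are refused before any copy happens. Rejecting rather than truncating keeps the path the program uses identical to what the user typed, which avoids a second class of bugs where a silently shortened path points somewhere unexpected.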

Source: Gmail -> IFTTT -> Blogger
