Friday, September 2, 2016

[FD] FormatFactory 3.9.0 - (.task) Stack Overflow Vulnerability

Document Title:
===============
FormatFactory 3.9.0 - (.task) Stack Overflow Vulnerability

References (Source):
====================
http://ift.tt/2bLo45I

Release Date:
=============
2016-09-01

Vulnerability Laboratory ID (VL-ID):
====================================
1935

Common Vulnerability Scoring System:
====================================
6.1

Product & Service Introduction:
===============================
FormatFactory is type conversion software released as freeware by Free Time, available only on Windows. It can convert video files as well as audio and image files. It is also able to rip DVDs and CDs to other formats such as .iso image files. It can convert .flv files, a feature that many video conversion programs do not support.

(Copy of the Vendor Homepage: http://ift.tt/U9LOxD)

Abstract Advisory Information:
==============================
An independent vulnerability laboratory researcher (ZwX) discovered a local stack buffer overflow vulnerability in the FormatFactory v3.9.0 software.

Vulnerability Disclosure Timeline:
==================================
2016-09-01: Public Disclosure (Vulnerability Laboratory)

Discovery Status:
=================
Published

Affected Product(s):
====================

Exploitation Technique:
=======================
Local

Severity Level:
===============
High

Technical Details & Description:
================================
A local stack buffer overflow vulnerability has been discovered in the official FormatFactory v3.9.0 software. The overflow vulnerability allows remote attackers to take over the process by overwriting the active registers.

A wrong validation check while loading a file (.task) results in a classic stack overflow that crashes the program. Remote attackers are finally able to overwrite, for example, the eip to control the vulnerable software process. The file format request in the software engine has no restriction of inputs or memory when processing a request to queue local .task files.

The security risk of the issue is estimated as high with a cvss (common vulnerability scoring system) count of 6.0. Exploitation of the vulnerability requires a low privilege or restricted system user account without user interaction. Successful exploitation of the vulnerability results in computer system manipulation and compromise of the computer system.

Vulnerable File(s):
[+] .task

Proof of Concept (PoC):
=======================
A local buffer overflow vulnerability can be exploited by local attackers without user interaction and with a low privileged system user account. For security demonstration or to reproduce the vulnerability, follow the provided information and steps below.

Manual steps to reproduce the vulnerability ...
1. Launch FormatFactoryr.exe
2. Run the Perl code; a (.task) file will be created
3. Click Spot - Task Load File
4. Click on Video and MP4
5. Click the button OK
6. The software crashes permanently
7. Successful reproduction of the local buffer overflow vulnerability!

PoC: Exploit Code (Perl)
#!/usr/bin/perl
# Appends 5000 'A' bytes (0x41) to FormatFactory.task
my $Buff = "\x41" x 5000;
open(MYFILE,'>>FormatFactory.task');
print MYFILE $Buff;
close(MYFILE);
print "PoC by ZwX";
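
The missing length validation described under Technical Details, shown from the defensive side as an added C example (not FormatFactory's code and not part of the advisory): a loader that checks the input length against its fixed-size destination and rejects oversized files instead of copying them. The names load_task and write_sample, the status codes and the 4096-byte limit are assumptions; the advisory does not give the real .task format or buffer size.

```c
#include <stdio.h>
#include <string.h>

#define TASK_MAX 4096   /* assumed buffer size; not taken from the advisory */

enum { TASK_OK = 0, TASK_EIO = -1, TASK_ETOOBIG = -2 };

/* Hypothetical loader: read a whole task file into a caller-supplied
 * buffer. fread() is capped at dst_size, so it can never write past the
 * destination; a file that fills the buffer is rejected, not truncated. */
int load_task(const char *path, char *dst, size_t dst_size)
{
    FILE *f = fopen(path, "rb");
    if (f == NULL || dst == NULL || dst_size == 0) {
        if (f) fclose(f);
        return TASK_EIO;
    }
    size_t n = fread(dst, 1, dst_size, f);
    int failed = ferror(f);
    fclose(f);
    if (failed) return TASK_EIO;
    if (n >= dst_size) {        /* no room left for the terminator */
        dst[0] = '\0';
        return TASK_ETOOBIG;
    }
    dst[n] = '\0';
    return TASK_OK;
}

/* Constructed sample input: a file of `len` repeated 'A' bytes. */
int write_sample(const char *path, size_t len)
{
    FILE *f = fopen(path, "wb");
    if (f == NULL) return -1;
    for (size_t i = 0; i < len; i++) fputc('A', f);
    return fclose(f);
}

int main(void)
{
    char task[TASK_MAX];        /* fixed-size stack buffer, as in this bug class */
    write_sample("sample_small.task", 100);
    write_sample("sample_big.task", 5000);  /* same length as the PoC input */
    printf("small: %d\n", load_task("sample_small.task", task, sizeof task));
    printf("big:   %d\n", load_task("sample_big.task", task, sizeof task));
    return 0;
}
```

Rejecting the oversized file outright, rather than truncating it, also keeps a malformed task from being queued in a partially parsed state.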
