Michael Kohn Ringtone Tools 2.22 - .EMelody File Remote Buffer Overflow

2004-12-15T00:00:00
ID EXPLOITPACK:6C4FD5D18481A13707ACE876B6A70725
Type exploitpack
Reporter Qiao Zhang
Modified 2004-12-15T00:00:00

Description

Michael Kohn Ringtone Tools 2.22 - .EMelody File Remote Buffer Overflow

                                        
                                            source: https://www.securityfocus.com/bid/12010/info

Ringtone Tools is reported prone to a remote buffer overflow vulnerability. This issue arises because the application fails to carry out proper boundary checks before copying user-supplied data in to sensitive process buffers. It is reported that this issue can allow an attacker to gain unauthorized access to a computer in the context of the application.

An attacker can exploit this issue by crafting a malicious eMelody file that contains excessive string data, replacement memory addresses, and executable instructions to trigger this issue.

If a user obtains this file and processes it through the application, the attacker-supplied instructions may be executed on the vulnerable computer. It is reported that successful exploitation may result in a compromise in the context of the application.

Ringtone Tools version 2.22 is reported prone to this vulnerability. It is likely that other versions are affected as well. 

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/25015.zip