Zortam ID3 Tag Editor 5.0 Remote Stack Overflow Vulnerability

2009-07-16T00:00:00
ID ZSL-2009-4919
Type zeroscience
Reporter Gjoko Krstic
Modified 2009-07-16T00:00:00

Description

Title: Zortam ID3 Tag Editor 5.0 Remote Stack Overflow Vulnerability
Advisory ID: ZSL-2009-4919
Type: Local/Remote
Impact: System Access, DoS
Risk: (3/5)
Release Date: 16.07.2009

Summary

Zortam ID3 Tag Editor is all-in-one MP3 organizer application for editing ID3 tags (Mp3 ID3 Tag Editor) with support for ID3v1 and ID3v2 tags, managing M3u playlists (Playlist manager), renaming files (Mp3 Renamer) using ID3 tags, searching for duplicate Mp3 files, searching and cataloguing Mp3 files into Mp3 library, listening Mp3's using your favorite Mp3 player and much more. You can even add lyrics and picture to ID3 tags(cover, artist picture, etc.) to your Mp3 files.

Description

Zortam ID3 Tag Editor is prone to a stack-based buffer-overflow vulnerability because the application fails to handle malformed mp3 files. An attacker can exploit this issue to execute arbitrary code within the context of the application or to trigger a denial-of-service condition.

Vendor

Zortam Corp. - <http://www.zortam.com>

Affected Version

5.0

Tested On

Microsoft Windows XP Professional SP3 (English)

Vendor Status

N/A

PoC

zortam_bof.txt
aimp2_evil.mp3

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] <http://packetstormsecurity.org/filedesc/zortamid3-overflow.txt.html>
[2] <http://securityreason.com/exploitalert/6634>
[3] <http://zeroscience.mk/codes/aimp2_evil.mp3>
[4] <http://milw0rm.com/sploits/2009-aimp2_evil.mp3>
[5] <http://securityreason.com/download/11/13>

Changelog

[16.07.2009] - Initial release

Contact

Zero Science Lab

Web: <http://www.zeroscience.mk>
e-mail: lab@zeroscience.mk

                                        
                                            ###################################################################################

Title: Zortam ID3 Tag Editor 5.0 (mp3 file) Remote Stack Overflow Vulnerability

Product Web Page: http://www.zortam.com/

Tested On: Microsoft Windows XP Professional SP3 (English)

Desc: Just download the PoC, and search for media or navigate with the vuln program
in the folder where the evil .mp3 file is located...boom.

Vulnerability Discovered by Gjoko 'LiquidWorm' Krstic

liquidworm gmail com

Zero Science Lab (c) 2009
Macedonian Security Research & Development Laboratory
http://www.zeroscience.org/

16.07.2009

###################################################################################
1. PoC: http://zeroscience.org/codes/aimp2_evil.mp3
2. PoC: http://milw0rm.com/sploits/2009-aimp2_evil.mp3
3. PoC: http://securityreason.com/download/11/13
###################################################################################

###################################################################################