Description: Advisory : CORELAN-11-002
Disclosure date : April 26, 2011
URL : corelan.be/advisories.php?id=CORELAN-11-002
OSVDB : 72455
00 : Vulnerability information
Product : Magix Music Maker 16
Version : 16.0.2.4
Vendor : Magix AG
URL : magix.com/
Platform : Windows XP, Vista, Windows 7
Type of vulnerability : Stack Buffer Overflow
Risk rating : Medium
Issue fixed in version : 17
Vulnerability discovered by : Acidgen
Vulnerability discovery date: Mon, 10 Jan 2011
01 : Vendor Information
Magix Music Maker turns making music into an experience! Create your own songs, remixes, and beats right
off the bat. Use practical info videos and loads of sounds, loops and effects to develop
your own musical style now – without any prior skills.
02 : Vulnerability Details
Magix Music Maker 16 is prone to a stack buffer overflow when parsing a malformed file. The overflow overwrites the exception handler,
letting an attacker execute arbitrary code. The problem is caused by an unsafe strcpy.
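The pattern described above, as an added example that is not part of the original advisory and is not Magix code: an unchecked strcpy of a file field into a fixed stack buffer, next to a length-checked form that rejects the malformed file. The function names, the 64-byte buffer size and the sample fields are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 64  /* hypothetical size of the parser's stack buffer */

/* Unsafe pattern: a string field from the file is copied with strcpy, so
 * the file, not the program, decides how many bytes are written. Anything
 * past name[] lands on adjacent stack data, which on 32-bit Windows
 * includes the exception handler record the advisory mentions. */
size_t parse_name_unsafe(const char *field)
{
    char name[NAME_BUF];
    strcpy(name, field);          /* no length check */
    return strlen(name);
}

/* Hardened form: the field lives in a file buffer of known length. Find the
 * terminator inside that buffer and reject the file if the field is
 * unterminated or does not fit; never truncate silently. */
int parse_name_checked(const unsigned char *data, size_t data_len,
                       char *out, size_t out_size)
{
    const unsigned char *nul;
    size_t len;
    if (data == NULL || out == NULL || out_size == 0)
        return -1;
    nul = memchr(data, '\0', data_len);
    if (nul == NULL)
        return -1;                /* unterminated field: malformed file */
    len = (size_t)(nul - data);
    if (len >= out_size)
        return -1;                /* longer than the destination: reject */
    memcpy(out, data, len + 1);   /* copies the terminator as well */
    return (int)len;
}

int main(void)
{
    unsigned char oversized[512]; /* constructed sample, not a real file */
    char name[NAME_BUF];
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("normal field    -> %d\n", parse_name_checked(
        (const unsigned char *)"drums.wav", 10, name, sizeof name));
    printf("oversized field -> %d\n", parse_name_checked(
        oversized, sizeof oversized, name, sizeof name));
    return 0;
}
```

The checked function returns the field length on success and -1 for a field that is unterminated or too long, so the caller can stop parsing the file instead of continuing with corrupted state.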
03 : Vendor Correspondence
Mon, 10 Jan 2011: Acidgen posts in their forum asking for a contact due to a vulnerability in their software.
Tue, 11 Jan 2011: Vendor responded and asked to disclose details.
Tue, 11 Jan 2011: Acidgen replies with details about the vulnerability.
(includes a non-harmful file explaining the problem)
Wed, 12 Jan 2011: Vendor replies that they are looking into it.
Thu, 27 Jan 2011: Acidgen asks if they need any more help, and if they have identified the problem.
Thu, 27 Jan 2011: Vendor asks for a proof of concept.
Thu, 27 Jan 2011: Acidgen provides a non-harmful proof of concept (spawning calc)
Fri, 28 Jan 2011: Vendor verifies that PoC works, and asks an explanation of possible implications.
Tue, 01 Feb 2011: Acidgen explains possible scenarios.
Wed, 02 Feb 2011: Vendor replies, thanks Acidgen, and says they are going to discuss it internally.
Mon, 07 Mar 2011: Acidgen asks if they've come up with a solution and a possible patch date.
———– Somewhere here the vendor releases version 17 ———–
Fri, 18 Mar 2011: Vendor replies and says that it has been forwarded to the legal department.
Fri, 18 Mar 2011: Vendor replies and says that legal department will be in touch shortly.
Tue, 22 Mar 2011: Lawsuit threat from Magix due to extortion and virus implications.
Sat, 02 Apr 2011: Acidgen asks Magix to revisit their position and communicate an acceptable disclosure date.
Tue, 26 Apr 2011: Acidgen releases this advisory