Full Disclosure mailing list archives
Blaze Audio VoiceSFX "Abnormal Process Termination" vulnerability
From: "Kristian Hermansen" <this_is_kris () hotmail com>
Date: Tue, 15 Jul 2003 23:37:00 -0400
________________________________________________________________________ Blaze Audio VoiceSFX Advisory ________________________________________________________________________ Date: July 15th, 2003 Affected versions: 1.3.0.6 (trial), possibly older/newer versions as well ________________________________________________________________________ Problem Description: According to the trial license you are not allowed to save your wav files unless you purchase the full version of the software. There is an inherent "Process Termination Vulnerability" within the software that allows the user to capture a live wave file to disk, thus circumventing the trial limitation. To exploit this vulnerability just start recording your wave file with an effect on it in real-time. Then, instead of stopping the recording just terminate the program by clicking the "X" at the top right hand corner of the window and BAM!!! The UNTITLED.WAV file is still stored in the program's install directory for your consumption. Do this everytime you would like to save your work. Have fun with this exploit... Remember never to purchase software because bits arranged in a certain order are absolutely meaningless. With enough computing power one could brute force the bits of this 2 MB program in just under a few days, thus eliminating the need to purchase the full version. ________________________________________________________________________ References: http://www.blazeaudio.com Kris Hermansen "Software analysis for the illegally blind"
Current thread:
- Blaze Audio VoiceSFX "Abnormal Process Termination" vulnerability Kristian Hermansen (Jul 15)