Blaze Audio VoiceSFX "Abnormal Process Termination" vulnerability

["Kristian Hermansen" <this_is_kris () hotmail com>]

________________________________________________________________________

                Blaze Audio VoiceSFX Advisory
________________________________________________________________________

Date:                   July 15th, 2003

Affected versions: 1.3.0.6 (trial), possibly older/newer versions as well
________________________________________________________________________

Problem Description:

 According to the trial license you are not allowed to save your wav files unless you purchase the full version of the 
software.  There is an inherent "Process Termination Vulnerability" within the software that allows the user to capture 
a live wave file to disk, thus circumventing the trial limitation.

To exploit this vulnerability just start recording your wave file with an effect on it in real-time.  Then, instead of 
stopping the recording just terminate the program by clicking the "X" at the top right hand corner of the window and 
BAM!!!  The UNTITLED.WAV file is still stored in the program's install directory for your consumption.  Do this 
everytime you would like to save your work.  Have fun with this exploit...

Remember never to purchase software because bits arranged in a certain order are absolutely meaningless.  With enough 
computing power one could brute force the bits of this 2 MB program in just under a few days, thus eliminating the need 
to purchase the full version.
________________________________________________________________________

References:
  
  http://www.blazeaudio.com



Kris Hermansen
"Software analysis for the illegally blind"