Full Disclosure mailing list archives
Blaze Audio VoiceSFX "Abnormal Process Termination" vulnerability
From: "Kristian Hermansen" <this_is_kris () hotmail com>
Date: Tue, 15 Jul 2003 23:37:00 -0400
________________________________________________________________________
Blaze Audio VoiceSFX Advisory
________________________________________________________________________
Date: July 15th, 2003
Affected versions: 1.3.0.6 (trial), possibly older/newer versions as well
________________________________________________________________________
Problem Description:
According to the trial license you are not allowed to save your wav files unless you purchase the full version of the
software. There is an inherent "Process Termination Vulnerability" within the software that allows the user to capture
a live wave file to disk, thus circumventing the trial limitation.
To exploit this vulnerability just start recording your wave file with an effect on it in real-time. Then, instead of
stopping the recording just terminate the program by clicking the "X" at the top right hand corner of the window and
BAM!!! The UNTITLED.WAV file is still stored in the program's install directory for your consumption. Do this
everytime you would like to save your work. Have fun with this exploit...
Remember never to purchase software because bits arranged in a certain order are absolutely meaningless. With enough
computing power one could brute force the bits of this 2 MB program in just under a few days, thus eliminating the need
to purchase the full version.
________________________________________________________________________
References:
http://www.blazeaudio.com
Kris Hermansen
"Software analysis for the illegally blind"
Current thread:
- Blaze Audio VoiceSFX "Abnormal Process Termination" vulnerability Kristian Hermansen (Jul 15)
