Vulnerability-Lookup

CNVD-2017-31021

Vulnerability from cnvd - Published: 2017-10-23

Title

Easy MOV Converter本地缓冲区溢出漏洞

Description

Ether Software Easy MOV Converte等都是不同版本的DVD刻录软件。 Easy MOV Converter存在本地缓冲区溢出漏洞。攻击者可借助特制的用户名利用该漏洞造成拒绝服务。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： http://www.divxtodvd.net/

Reference

https://github.com/offensive-security/exploit-database/blob/master/platforms/windows/dos/41911.py https://www.exploit-db.com/exploits/41911/

Impacted products

Name
['Ether Software Easy MOV Converter 1.4.24', 'Ether Software Easy DVD Creator', 'Ether Software Easy AVI DivX Converter', 'Ether Software My Video Converter', 'Ether Software MP3 WAV to CD Burner', 'Ether Software MP3/WAV/OGG/WMA/AC3 to CD Burner', 'Ether Software MP3/AVI/MPEG/WMV/RM to Audio CD Burner', 'Ether Software Easy CD DVD Copy', 'Ether Software Easy RM RMVB to DVD Burner', 'Ether Software Easy WMV/ASF/ASX to DVD Burner', 'Ether Software Easy MPEG to DVD Burner', 'Ether Software Easy Avi/Divx/Xvid to DVD Burner', 'Ether Software Easy MPEG/AVI/DIVX/WMV/RM to DVD', 'Ether Software Easy Video to iPod/MP4/PSP/3GP Converter', 'Ether Software Easy Video to MP4 Converter', 'Ether Software Easy Video to 3GP Converter', 'Ether Software Easy Video to PSP Converter', 'Ether Software Easy Video to iPod Converter']

Name

['Ether Software Easy MOV Converter 1.4.24', 'Ether Software Easy DVD Creator', 'Ether Software Easy AVI DivX Converter', 'Ether Software My Video Converter', 'Ether Software MP3 WAV to CD Burner', 'Ether Software MP3/WAV/OGG/WMA/AC3 to CD Burner', 'Ether Software MP3/AVI/MPEG/WMV/RM to Audio CD Burner', 'Ether Software Easy CD DVD Copy', 'Ether Software Easy RM RMVB to DVD Burner', 'Ether Software Easy WMV/ASF/ASX to DVD Burner', 'Ether Software Easy MPEG to DVD Burner', 'Ether Software Easy Avi/Divx/Xvid to DVD Burner', 'Ether Software Easy MPEG/AVI/DIVX/WMV/RM to DVD', 'Ether Software Easy Video to iPod/MP4/PSP/3GP Converter', 'Ether Software Easy Video to MP4 Converter', 'Ether Software Easy Video to 3GP Converter', 'Ether Software Easy Video to PSP Converter', 'Ether Software Easy Video to iPod Converter']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-8367"
    }
  },
  "description": "Ether Software Easy MOV Converte\u7b49\u90fd\u662f\u4e0d\u540c\u7248\u672c\u7684DVD\u523b\u5f55\u8f6f\u4ef6\u3002\r\n\r\nEasy MOV Converter\u5b58\u5728\u672c\u5730\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u7528\u6237\u540d\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Muhann4d",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttp://www.divxtodvd.net/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-31021",
  "openTime": "2017-10-23",
  "products": {
    "product": [
      "Ether Software Easy MOV Converter 1.4.24",
      "Ether Software Easy DVD Creator",
      "Ether Software Easy AVI DivX Converter",
      "Ether Software My Video Converter",
      "Ether Software MP3 WAV to CD Burner",
      "Ether Software MP3/WAV/OGG/WMA/AC3 to CD Burner",
      "Ether Software MP3/AVI/MPEG/WMV/RM to Audio CD Burner",
      "Ether Software Easy CD DVD Copy",
      "Ether Software Easy RM RMVB to DVD Burner",
      "Ether Software Easy WMV/ASF/ASX to DVD Burner",
      "Ether Software Easy MPEG to DVD Burner",
      "Ether Software Easy Avi/Divx/Xvid to DVD Burner",
      "Ether Software Easy MPEG/AVI/DIVX/WMV/RM to DVD",
      "Ether Software Easy Video to iPod/MP4/PSP/3GP Converter",
      "Ether Software Easy Video to MP4 Converter",
      "Ether Software Easy Video to 3GP Converter",
      "Ether Software Easy Video to PSP Converter",
      "Ether Software Easy Video to iPod Converter"
    ]
  },
  "referenceLink": "https://github.com/offensive-security/exploit-database/blob/master/platforms/windows/dos/41911.py\r\nhttps://www.exploit-db.com/exploits/41911/",
  "serverity": "\u4e2d",
  "submitTime": "2017-09-04",
  "title": "Easy MOV Converter\u672c\u5730\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2017-8367 (GCVE-0-2017-8367)

Vulnerability from cvelistv5 – Published: 2017-04-30 19:00 – Updated: 2024-08-05 16:34

Summary

Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD Creator, Easy MPEG/AVI/DIVX/WMV/RM to DVD, Easy Avi/Divx/Xvid to DVD Burner, Easy MPEG to DVD Burner, Easy WMV/ASF/ASX to DVD Burner, Easy RM RMVB to DVD Burner, Easy CD DVD Copy, MP3/AVI/MPEG/WMV/RM to Audio CD Burner, MP3/WAV/OGG/WMA/AC3 to CD Burner, MP3 WAV to CD Burner, My Video Converter, Easy AVI DivX Converter, Easy Video to iPod Converter, Easy Video to PSP Converter, Easy Video to 3GP Converter, Easy Video to MP4 Converter, and Easy Video to iPod/MP4/PSP/3GP Converter allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long username.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://www.exploit-db.com/exploits/41911/	exploitx_refsource_EXPLOIT-DB
	https://github.com/offensive-security/exploit-dat…	x_refsource_MISC

Date Public ?

2017-04-30 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:34:22.707Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "41911",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/41911/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/offensive-security/exploit-database/blob/master/platforms/windows/dos/41911.py"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-04-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD Creator, Easy MPEG/AVI/DIVX/WMV/RM to DVD, Easy Avi/Divx/Xvid to DVD Burner, Easy MPEG to DVD Burner, Easy WMV/ASF/ASX to DVD Burner, Easy RM RMVB to DVD Burner, Easy CD DVD Copy, MP3/AVI/MPEG/WMV/RM to Audio CD Burner, MP3/WAV/OGG/WMA/AC3 to CD Burner, MP3 WAV to CD Burner, My Video Converter, Easy AVI DivX Converter, Easy Video to iPod Converter, Easy Video to PSP Converter, Easy Video to 3GP Converter, Easy Video to MP4 Converter, and Easy Video to iPod/MP4/PSP/3GP Converter allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long username."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-30T19:57:02.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "41911",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/41911/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/offensive-security/exploit-database/blob/master/platforms/windows/dos/41911.py"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-8367",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD Creator, Easy MPEG/AVI/DIVX/WMV/RM to DVD, Easy Avi/Divx/Xvid to DVD Burner, Easy MPEG to DVD Burner, Easy WMV/ASF/ASX to DVD Burner, Easy RM RMVB to DVD Burner, Easy CD DVD Copy, MP3/AVI/MPEG/WMV/RM to Audio CD Burner, MP3/WAV/OGG/WMA/AC3 to CD Burner, MP3 WAV to CD Burner, My Video Converter, Easy AVI DivX Converter, Easy Video to iPod Converter, Easy Video to PSP Converter, Easy Video to 3GP Converter, Easy Video to MP4 Converter, and Easy Video to iPod/MP4/PSP/3GP Converter allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long username."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "41911",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/41911/"
            },
            {
              "name": "https://github.com/offensive-security/exploit-database/blob/master/platforms/windows/dos/41911.py",
              "refsource": "MISC",
              "url": "https://github.com/offensive-security/exploit-database/blob/master/platforms/windows/dos/41911.py"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-8367",
    "datePublished": "2017-04-30T19:00:00.000Z",
    "dateReserved": "2017-04-30T00:00:00.000Z",
    "dateUpdated": "2024-08-05T16:34:22.707Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-31021

CVE-2017-8367 (GCVE-0-2017-8367)

Tags

Sightings

Nomenclature