Cleanersoft Software Free MP3 CD Ripper
- <= 2.8
A stack-based buffer overflow vulnerability has been identified in Free MP3 CD Ripper version 2.8, specifically in the processing of WMA files. This vulnerability allows local attackers to bypass Data Execution Prevention (DEP) by manipulating Structured Exception Handling (SEH). Exploitation involves crafting a malicious WMA file that, when loaded through the application's Convert function, triggers the buffer overflow. The result can be execution of arbitrary code through injected shellcode and Return-Oriented Programming (ROP) techniques.
Successful exploitation overflows a stack buffer and allows execution of arbitrary code: shellcode is injected and the application's control flow is redirected through ROP chains.
To reproduce this vulnerability, ensure that DEP is enabled. Then, use a Python script to create a WMA file that exploits the buffer overflow. After generating the file, open Free MP3 CD Ripper, click on the 'Convert' button, and load the crafted WMA file. The exploitation can be verified by the appearance of a calculator application, indicating successful execution of the injected payload.