CVE-2019-25616

Vulnerability

Overview

AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability in its registration name field. The application fails to properly validate the length of user-supplied input, allowing a local attacker to paste an oversized string of up to 6000 bytes into the 'Your Name and Registration Code' field [1][2]. This triggers a buffer overflow condition that crashes the application.

Exploitation

The attack is performed locally by an unauthenticated user who can interact with the application's GUI. The exploit involves generating a file containing 6000 'A' characters, copying the content to the clipboard, and pasting it into the registration field when prompted by the 'Register' dialog [2]. No special privileges or network access are required; the attacker only needs to run the vulnerable software on the same system.

Impact

Successful exploitation results in a denial of service (DoS) condition, causing the application to crash. The vulnerability does not appear to allow arbitrary code execution based on the available information; the primary impact is application termination [1][2]. The CVSS v3 score of 6.2 reflects a medium severity with high availability impact but no confidentiality or integrity compromise.

impact.

Mitigation

As of the latest references, no official patch has been released for this vulnerability. The vendor website (ddz1977.com) appears to be inactive, and the software may be considered end-of-life. Users are advised to avoid using the registration feature or to discontinue use of the application if possible [1][2].