|
________________________________________________________________________
Blaze Audio VoiceSFX Advisory ________________________________________________________________________ Date: July 15th, 2003 Affected versions: 1.3.0.6 (trial), possibly older/newer versions as well ________________________________________________________________________ Problem Description: According to the trial license you are not allowed to save your wav files unless you purchase the full version of the software. There is an inherent "Process Termination Vulnerability" within the software that allows the user to capture a live wave file to disk, thus circumventing the trial limitation. To exploit this vulnerability just start recording your wave file with an
effect on it in real-time. Then, instead of stopping the recording just
terminate the program by clicking the "X" at the top right hand corner of the
window and BAM!!! The UNTITLED.WAV file is still stored in the program's
install directory for your consumption. Do this everytime you would like
to save your work. Have fun with this exploit...
Remember never to purchase software because bits arranged in a certain
order are absolutely meaningless. With enough computing power one could
brute force the bits of this 2 MB program in just under a few days, thus
eliminating the need to purchase the full version.
________________________________________________________________________ References: http://www.blazeaudio.com Kris Hermansen
"Software analysis for the illegally
blind"
|
