# TECO AP-PCLINK 1.094 TPC File Handling Buffer Overflow Vulnerability### Vendor: TECO Electric and Machinery Co., Ltd.# Product web page: http://www.teco-group.eu# Download: http://globalsa.teco.com.tw/support_download.aspx?KindID=9# Affected version: 1.094## Summary: AP-PCLINK is the supportive software for TP03 or AP series, providing# three edit modes as LADDER, IL, FBDand SFC, by which programs can be input rapidly# and correctly. Every form written into the TP03 or AP series and AP-PCLINK can# be monitored in the form of the data.## Desc: The vulnerability is caused due to a boundary error in the processing# of a project file, which can be exploited to cause a buffer overflow when a# user opens e.g. a specially crafted .TPC file. Successful exploitation could# allow execution of arbitrary code on the affected machine.## ---------------------------------------------------------------------------------# Critical error detected c0000374# (1950.ff0): Break instruction exception - code 80000003 (first chance)# eax=00000000 ebx=00000000 ecx=76f70b42 edx=0018d98d esi=00360000 edi=41414141# eip=76fce725 esp=0018dbe0 ebp=0018dc58 iopl=0 nv up ei pl nz na po nc# cs=0023ss=002bds=002bes=002bfs=0053gs=002b efl=00200202# ntdll!RtlpNtEnumerateSubKey+0x1af8:# 76fce725 ccint 3# ---------------------------------------------------------------------------------## Tested on: Microsoft Windows 7 Professional SP1 (EN) 64bit#Microsoft Windows 7 Ultimate SP1 (EN) 64bit### Vulnerability discovered by Gjoko 'LiquidWorm' Krstic# @zeroscience### Advisory ID: ZSL-2015-5278# Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5278.php### 09.10.2015#
PoC:
- http://zeroscience.mk/codes/aptpc-5278.zip
- https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/38703.zip
