TECO TP3-PCLINK 2.1 – ‘.tpc’ Handling Buffer Overflow (PoC)

  • Author: LiquidWorm
    Date: 2015-11-16
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/38702/
  • # TECO TP3-PCLINK 2.1 TPC File Handling Buffer Overflow Vulnerability
    #
    #
    # Vendor: TECO Electric and Machinery Co., Ltd.
    # Product web page: http://www.teco-group.eu
    # Affected version: 2.1
    #
    # Summary: TP3-PCLINK Software is the supportive software for TP03, providing
    # three edit modes as LADDER, IL, FBD and SFC, by which programs can be input
    # rapidly and correctly.
    #
    # Desc: The vulnerability is caused due to a boundary error in the processing
    # of a project file, which can be exploited to cause a buffer overflow when a
    # user opens e.g. a specially crafted .TPC file. Successful exploitation could
    # allow execution of arbitrary code on the affected machine.
    #
    # ---------------------------------------------------------------------------------
    # (794.193c): C++ EH exception - code e06d7363 (first chance)
    # Critical error detected c0000374
    # (794.193c): Break instruction exception - code 80000003 (first chance)
    # eax=00000000 ebx=00000000 ecx=778f0b42 edx=0018db71 esi=02730000 edi=41414141
    # eip=7794e725 esp=0018ddc4 ebp=0018de3c iopl=0 nv up ei pl nz na po nc
    # cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200202
    # ntdll!RtlpNtEnumerateSubKey+0x1af8:
    # 7794e725 cc              int     3
    # ---------------------------------------------------------------------------------
    #
    # Tested on: Microsoft Windows 7 Professional SP1 (EN) 64bit
    #            Microsoft Windows 7 Ultimate SP1 (EN) 64bit
    #
    #
    # Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
    # @zeroscience
    #
    #
    # Advisory ID: ZSL-2015-5277
    # Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5277.php
    #
    #
    # 09.10.2015
    #
    
    
    PoC:
    
    - http://zeroscience.mk/codes/tp3tpc-5277.zip
    - https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/38702.zip
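
The debugger excerpt in the advisory can be triaged mechanically. The Python sketch below is an added example, not part of the original advisory or its PoC: it decodes the three well-known Windows status codes in the log and flags registers holding four identical printable bytes. The names `triage` and `is_filler` are hypothetical, and treating such a register value as filler data that came from the opened file is a heuristic assumed here.

```python
import re

# Debugger excerpt copied from the advisory above (comment prefixes removed).
CRASH_LOG = """\
(794.193c): C++ EH exception - code e06d7363 (first chance)
Critical error detected c0000374
(794.193c): Break instruction exception - code 80000003 (first chance)
eax=00000000 ebx=00000000 ecx=778f0b42 edx=0018db71 esi=02730000 edi=41414141
eip=7794e725 esp=0018ddc4 ebp=0018de3c iopl=0 nv up ei pl nz na po nc
"""

# Well-known Windows exception / NTSTATUS values.
KNOWN_CODES = {
    0xE06D7363: "MSVC C++ exception",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0x80000003: "STATUS_BREAKPOINT",
}

CODE_RE = re.compile(r"(?:code|detected)\s+([0-9a-f]{8})\b", re.I)
REG_RE = re.compile(
    r"\b(eax|ebx|ecx|edx|esi|edi|eip|esp|ebp)=([0-9a-f]{8})\b", re.I)


def is_filler(value):
    """True when all four bytes are the same printable ASCII character
    (assumed heuristic for data taken from the crafted input file)."""
    raw = value.to_bytes(4, "little")
    return len(set(raw)) == 1 and 0x20 <= raw[0] <= 0x7E


def triage(log):
    """Summarise a WinDbg-style x86 crash excerpt for first-pass triage."""
    codes = [int(c, 16) for c in CODE_RE.findall(log)]
    regs = {n.lower(): int(v, 16) for n, v in REG_RE.findall(log)}
    return {
        "events": [KNOWN_CODES.get(c, hex(c)) for c in codes],
        "heap_corruption": 0xC0000374 in codes,
        "tainted_registers": sorted(r for r, v in regs.items() if is_filler(v)),
        "ip_controlled": is_filler(regs.get("eip", 0)),
    }


if __name__ == "__main__":
    for key, value in triage(CRASH_LOG).items():
        print(f"{key}: {value}")
```

On the advisory's log this reports heap corruption with `edi` holding filler bytes while `eip` still points into ntdll, so the process was stopped by the heap manager's corruption check rather than at an overwritten instruction pointer.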