# TECO TP3-PCLINK 2.1 TPC File Handling Buffer Overflow Vulnerability### Vendor: TECO Electric and Machinery Co., Ltd.# Product web page: http://www.teco-group.eu# Affected version: 2.1## Summary: TP3-PCLINK Software is the supportive software for TP03, providing# three edit modes as LADDER, IL ,FBDand SFC, by which programs can be input# rapidly and correctly.## Desc: The vulnerability is caused due to a boundary error in the processing# of a project file, which can be exploited to cause a buffer overflow when a# user opens e.g. a specially crafted .TPC file. Successful exploitation could# allow execution of arbitrary code on the affected machine.## ---------------------------------------------------------------------------------# (794.193c): C++ EH exception - code e06d7363 (first chance)# Critical error detected c0000374# (794.193c): Break instruction exception - code 80000003 (first chance)# eax=00000000 ebx=00000000 ecx=778f0b42 edx=0018db71 esi=02730000 edi=41414141# eip=7794e725 esp=0018ddc4 ebp=0018de3c iopl=0 nv up ei pl nz na po nc# cs=0023ss=002bds=002bes=002bfs=0053gs=002b efl=00200202# ntdll!RtlpNtEnumerateSubKey+0x1af8:# 7794e725 ccint 3# ---------------------------------------------------------------------------------## Tested on: Microsoft Windows 7 Professional SP1 (EN) 64bit#Microsoft Windows 7 Ultimate SP1 (EN) 64bit### Vulnerability discovered by Gjoko 'LiquidWorm' Krstic# @zeroscience### Advisory ID: ZSL-2015-5277# Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5277.php### 09.10.2015#
PoC:
- http://zeroscience.mk/codes/tp3tpc-5277.zip
- https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/38702.zip
